feat: init

Signed-off-by: Ameya Shenoy <shenoy.ameya@gmail.com>
Ameya Shenoy 2024-11-11 01:47:02 +05:30
commit 2b3213c3f8
77 changed files with 6493 additions and 0 deletions

4
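--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+# project specific
+.env.nix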

86
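--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,86 @@
+{
+description = "CodingCoffee's Flakes!";
+inputs = {
+nixpkgs = { url = "github:NixOS/nixpkgs/nixos-unstable"; };
+# The name "snowfall-lib" is required due to how Snowfall Lib processes your
+# flake's inputs.
+snowfall-lib = {
+url = "github:snowfallorg/lib";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+home-manager = {
+url = "github:nix-community/home-manager/master";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; };
+darwin-nixpkgs = { url = "github:NixOS/nixpkgs/nixpkgs-unstable"; };
+nix-darwin = {
+url = "github:LnL7/nix-darwin";
+inputs.nixpkgs.follows = "darwin-nixpkgs";
+};
+wezterm = {
+url = "github:wez/wezterm?dir=nix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+disko = {
+url = "github:nix-community/disko";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+nixos-needtoreboot = {
+url = "github:thefossguy/nixos-needsreboot";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+};
+outputs = inputs:
+let
+lib = inputs.snowfall-lib.mkLib {
+# You must provide our flake inputs to Snowfall Lib.
+inherit inputs;
+# The `src` must be the root of the flake. See configuration
+# in the next section for information on how you can move your
+# Nix files to a separate directory.
+src = ./.;
+# Configure Snowfall Lib, all of these settings are optional.
+snowfall = {
+# Tell Snowfall Lib to look in the `./nix/` directory for your
+# Nix files.
+root = ./nix;
+# Choose a namespace to use for your flake's packages, library,
+# and overlays.
+namespace = "snowflake";
+# Add flake metadata that can be processed by tools like Snowfall Frost.
+meta = {
+# A slug to use in documentation when displaying things like file paths.
+name = "cc-nix-snowflake";
+# A title to show for your flake, typically the name.
+title = "CodingCoffee's Flakes!";
+};
+};
+};
+in lib.mkFlake {
+channels-config = { allowUnfree = true; };
+systems = {
+modules = {
+nixos = with inputs; [
+home-manager.nixosModules.home-manager
+disko.nixosModules.disko
+];
+};
+};
+};
+}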
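Review bot: `channels-config = { allowUnfree = true; }` in the `lib.mkFlake` call allows every unfree package on every channel, which is wider than the visible configuration needs; the only unfree package I can see referenced on this page is `pkgs.spotify`. An allow-list makes each new unfree dependency an explicit decision, e.g. `channels-config.allowUnfreePredicate = pkg: builtins.elem (inputs.nixpkgs.lib.getName pkg) [ "spotify" ];` (assuming Snowfall passes this through as ordinary nixpkgs config). Separately, the input is named `nixos-needtoreboot` while its URL points at `nixos-needsreboot`; renaming the input to match the repository avoids confusion wherever it is referenced. Every input tracks a moving branch, so what actually gets built depends on a committed and reviewed `flake.lock`, which is not visible in this part of the page.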

7
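--- a/nix/Makefile
+++ b/nix/Makefile
@@ -0,0 +1,7 @@
+.DEFAULT_GOAL := default
+default:
+@sudo nixos-rebuild switch --flake path:./#$(hostname)
+watergate:
+@nixos-rebuild --build-host art@192.168.122.15 --target-host art@192.168.122.15 --use-remote-sudo switch --flake path:./#watergate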
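Review bot: In the `default` recipe, `$(hostname)` is expanded by make as a variable named `hostname`, not run as a shell command, so unless that variable is defined elsewhere it expands to nothing and the flake reference ends in a bare `#`. If the local host name is intended, write `$$(hostname)` or `$(shell hostname)`; if the rebuild works today, it is presumably because nixos-rebuild falls back to the host name by itself. Neither target produces a file, so add `.PHONY: default watergate`. The `watergate` recipe repeats `art@192.168.122.15` for both `--build-host` and `--target-host`; a single variable such as `WATERGATE_HOST ?= art@192.168.122.15` keeps the two from drifting apart, and a comment should note that the deploy assumes the SSH host key for that address is already verified.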


@ -0,0 +1,24 @@
{ pkgs, ... }: {
snowflake.home = {
programs = {
chromium.enable = true;
firefox.enable = true;
wezterm.enable = true;
};
autostart = {
enable = true;
pkgs = [
pkgs.firefox
pkgs.spotify
pkgs.wezterm
# pkgs.kitty
];
};
desktop = {
gnome.dconf.enable = true;
xdg.mimeapps.enable = true;
};
};
home.stateVersion = "23.11";
}


@ -0,0 +1,19 @@
{ pkgs, ... }: {
snowflake.home = {
programs = {
chromium.enable = true;
firefox.enable = true;
wezterm.enable = false;
};
autostart = {
enable = true;
pkgs = [ pkgs.firefox pkgs.spotify pkgs.wezterm ];
};
desktop = {
gnome.dconf.enable = true;
xdg.mimeapps.enable = true;
};
};
home.stateVersion = "23.11";
}
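Review bot: `programs.wezterm.enable = false` sits next to `pkgs.wezterm` in `autostart.pkgs`, and the two settings appear to contradict each other. The autostart module shown later on this page links a `.desktop` file straight from each listed package, so wezterm would presumably still be started at login on this host even though its program module is disabled. Either drop `pkgs.wezterm` from the list or enable the program, and add a one-line comment stating which was intended.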


@ -0,0 +1,32 @@
{ config, lib, ... }:
{
options.snowflake.home.autostart = {
enable = lib.mkEnableOption "enable autostart module";
pkgs = lib.mkOption {
type = lib.types.listOf lib.types.package;
default = [ ];
description = "packages to autostart";
};
};
config = lib.mkIf config.snowflake.home.autostart.enable {
home.file = builtins.listToAttrs (map (pkg: {
name = ".config/autostart/" + pkg.pname + ".desktop";
value = if pkg ? desktopItem then {
# Application has a desktopItem entry.
# Assume that it was made with makeDesktopEntry, which exposes a
# text attribute with the contents of the .desktop file
text = pkg.desktopItem.text;
} else if pkg.pname == "wezterm" then {
# custom handling for wezterm since for its desktop file
source = (pkg + "/share/applications/" + "org.wezfurlong.wezterm"
+ ".desktop");
} else {
# Application does *not* have a desktopItem entry. Try to find a
# matching .desktop name in /share/apaplications
source = (pkg + "/share/applications/" + pkg.pname + ".desktop");
};
}) config.snowflake.home.autostart.pkgs);
};
}
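Review bot: The attribute name and the fallback branch both read `pkg.pname`, which fails at evaluation for a package that only sets `name`, and the fallback assumes `share/applications/<pname>.desktop` exists without any check. `lib.getName pkg` covers the first case, e.g. `name = ".config/autostart/" + lib.getName pkg + ".desktop";`. The wezterm special case already shows that desktop file names do not always follow `pname`, so consider letting the caller name the desktop file rather than adding more `pname ==` branches. Two comments need fixing: "custom handling for wezterm since for its desktop file" is unfinished, and `/share/apaplications` is misspelled. Since every entry here runs at each login, the option description should say that the package's own `.desktop` file is what gets executed.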


@ -0,0 +1,10 @@
{ inputs, pkgs, ... }: {
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
# Show activation change diff for new builds.
home.activation.report-changes =
inputs.home-manager.lib.hm.dag.entryAnywhere ''
${pkgs.nvd}/bin/nvd diff $oldGenPath $newGenPath
'';
}
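Review bot: The `report-changes` activation step runs `nvd diff $oldGenPath $newGenPath` unconditionally and unquoted, but on the first activation of a profile there is no previous generation, so `oldGenPath` is presumably unset and the step would fail. Guard it and quote both variables: `if [[ -v oldGenPath ]]; then ${pkgs.nvd}/bin/nvd diff "$oldGenPath" "$newGenPath"; fi`. A short comment that this step only reports and writes nothing would also explain why `entryAnywhere` is acceptable here.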


@ -0,0 +1,228 @@
{ config, lib, inputs, ... }: {
options.snowflake.home.desktop.gnome.dconf.enable =
lib.mkEnableOption "manage gnome with dconf";
config = lib.mkIf config.snowflake.home.desktop.gnome.dconf.enable {
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
show-battery-percentage = true;
clock-show-weekday = true;
clock-show-seconds = true;
};
"org/gnome/desktop/peripherals/touchpad" = { tap-to-click = true; };
"org/gnome/desktop/input-sources" = {
xkb-options = [ "caps:swapescape" ];
};
"org/gnome/desktop/peripherals/touchpad" = { speed = 1.0; };
"org/gnome/desktop/session" = {
idle-delay = inputs.home-manager.lib.hm.gvariant.mkUint32 60;
};
"org/gnome/settings-daemon/plugins/power" = {
sleep-inactive-battery-type = "nothing";
sleep-inactive-ac-type = "nothing";
power-button-action = "nothing";
};
"org/gnome/desktop/wm/preferences" = { num-workspaces = 10; };
"org/gnome/desktop/notifications" = { show-in-lock-screen = false; };
"org/gnome/desktop/wm/keybindings" = {
close = [ "<Super>q" ];
# start window resize using mouse: defaults to "<Alt>F8"
begin-resize = [ "<Super>r" ];
# sticky windows across all workspaces ("Always on Visible Workspace")
toggle-on-all-workspaces = [ "<Super>s" ];
switch-to-workspace-1 = [ "<Super>1" ];
move-to-workspace-1 = [ "<Shift><Super>1" ];
switch-to-workspace-2 = [ "<Super>2" ];
move-to-workspace-2 = [ "<Shift><Super>2" ];
switch-to-workspace-3 = [ "<Super>3" ];
move-to-workspace-3 = [ "<Shift><Super>3" ];
switch-to-workspace-4 = [ "<Super>4" ];
move-to-workspace-4 = [ "<Shift><Super>4" ];
switch-to-workspace-5 = [ "<Super>5" ];
move-to-workspace-5 = [ "<Shift><Super>5" ];
switch-to-workspace-6 = [ "<Super>6" ];
move-to-workspace-6 = [ "<Shift><Super>6" ];
switch-to-workspace-7 = [ "<Super>7" ];
move-to-workspace-7 = [ "<Shift><Super>7" ];
switch-to-workspace-8 = [ "<Super>8" ];
move-to-workspace-8 = [ "<Shift><Super>8" ];
switch-to-workspace-9 = [ "<Super>9" ];
move-to-workspace-9 = [ "<Shift><Super>9" ];
switch-to-workspace-10 = [ "<Super>0" ];
move-to-workspace-10 = [ "<Shift><Super>0" ];
};
"org/gnome/shell/keybindings" = {
# NITE: this was bound to '<Super>n' for opening the nth application
# pinned in the bottom bar. Removing it to remap it to shwitch to the nth
# workspace
switch-to-application-1 = [ ];
switch-to-application-2 = [ ];
switch-to-application-3 = [ ];
switch-to-application-4 = [ ];
switch-to-application-5 = [ ];
switch-to-application-6 = [ ];
switch-to-application-7 = [ ];
switch-to-application-8 = [ ];
switch-to-application-9 = [ ];
switch-to-application-0 = [ ];
# removing keybinding for toggle-on-all-workspaces: defaults to "<Super>s"
toggle-quick-settings = [ ];
show-screenshot-ui = [ "<Super><Shift>s" ];
};
"org/gnome/desktop/media-handling" = {
automount = false;
automount-open = false;
autorun-never = false;
};
"org/gnome/desktop/wm/preferences" = { focus-mode = "sloppy"; };
"org/gnome/shell" = {
enabled-extensions = [
# tiling window manager
"forge@jmmaranan.com"
# to lock a window to an application on first start
"auto-move-windows@gnome-shell-extensions.gcampax.github.com"
# to move the clock to the right side on the top bar
"just-perfection-desktop@just-perfection"
# to launch a new instanc of an application rather than switching to
# the exising instance when invoking from GNOME shell
"launch-new-instance@gnome-shell-extensions.gcampax.github.com"
# GSConnect - KDE Connect reimplementation in GNOME
"gsconnect@andyholmes.github.io"
# blurtooth battery
"bluetooth-battery@michalw.github.com"
# netspeed
"netspeedsimplified@prateekmedia.extension"
# bedtime mode
"gnomebedtime@ionutbortis.gmail.com"
# caffeine
"caffeine@patapon.info"
];
};
"org/gnome/shell/extensions/just-perfection" = {
clock-menu-position = 1;
clock-menu-position-offset = 20;
};
"org/gnome/shell/extensions/forge" = { focus-border-toggle = false; };
"org/gnome/shell/extensions/forge/keybindings" = {
window-toggle-float = [ "<Super>f" ];
# this is bound to Super+l by default. Removing to bind this to lock screen
window-focus-right = [ "" ];
# this is bound to ``<Shift><Super>s`` by default. Removing to bind this to lock screen
con-stacked-layout-toggle = [ "" ];
# makes the window always float and enables "Always on Top" mode
window-toggle-always-float = [ "<Shift><Super>c" ];
};
"org/gnome/shell/extensions/auto-move-windows" = {
application-list = [
"kitty.desktop:2"
"org.wezfurlong.wezterm.desktop:2"
"firefox.desktop:4"
"org.telegram.desktop.desktop:7"
"spotify.desktop:9"
"mpv.desktop:10"
"audio-recorder.desktop:8"
];
};
"org/gnome/settings-daemon/plugins/color" = {
night-light-enabled = true;
night-light-temperature = 2000;
};
# NOTE: if keybinding not working search in `dconf dump /`
"org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = [
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2/"
"/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3/"
];
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" =
{
name = "Bookmenu";
binding = "<Super>b";
command = "/home/cc/.scripts/popup.sh bookmenu.sh";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" =
{
name = "AURA Play Pause";
binding = "Launch3";
command = "playerctl play-pause";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom2" =
{
name = "Toggle Speech to Text";
binding = "<Super>m";
command = "sh /home/cc/.scripts/speech-to-text.sh";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom3" =
{
name = "Lock Screen";
binding = "<Super>l";
command = "xdg-screensaver lock";
};
"org/virt-manager/virt-manager/connections" = {
autoconnect = [ "qemu:///system" ];
uris = [ "qemu:///system" ];
};
"org/gnome/desktop/background" = {
picture-uri =
"file:///run/current-system/sw/share/backgrounds/gnome/blobs-l.svg";
picture-uri-dark =
"file:///run/current-system/sw/share/backgrounds/gnome/blobs-d.svg";
primary-color = "#241f31";
};
"org/gnome/desktop/screensaver" = {
picture-uri =
"file:///run/current-system/sw/share/backgrounds/gnome/blobs-l.svg";
primary-color = "#241f31";
};
};
};
}
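Review bot: Under `"org/gnome/desktop/media-handling"`, `automount` and `automount-open` are switched off but `autorun-never = false` leaves autorun handling for inserted media enabled, which looks inverted if the block is meant to harden removable-media handling; `autorun-never = true;` would match the other two settings. The custom keybindings run `/home/cc/.scripts/popup.sh` and `/home/cc/.scripts/speech-to-text.sh`, which hard-code one user's home directory and execute user-writable scripts that this flake does not manage. Building the paths from `config.home.homeDirectory`, or packaging the scripts, would address both. The keys `"org/gnome/desktop/peripherals/touchpad"` and `"org/gnome/desktop/wm/preferences"` are each defined twice inside `dconf.settings`, which relies on the two attribute sets being merged; folding each pair into one definition is clearer. The comment "NITE: ... shwitch" should read "NOTE: ... switch".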


@ -0,0 +1,25 @@
{ config, lib, ... }: {
options.snowflake.home.desktop.xdg.mimeapps.enable =
lib.mkEnableOption "manage default applications";
config = lib.mkIf config.snowflake.home.desktop.xdg.mimeapps.enable {
xdg.mimeApps = {
enable = true;
associations.added = {
"application/pdf" = [ "firefox.desktop" "org.gnome.Evince.desktop" ];
"image/png" = [ "org.gnome.Loupe.desktop" ];
"x-scheme-handler/sms" =
[ "org.gnome.Shell.Extensions.GSConnect.desktop;" ];
"x-scheme-handler/tel" =
[ "org.gnome.Shell.Extensions.GSConnect.desktop;" ];
};
defaultApplications = {
"application/pdf" = [ "org.gnome.Evince.desktop" ];
"image/png" = [ "org.gnome.Loupe.desktop" ];
"x-scheme-handler/tg" = [ "org.telegram.desktop.desktop" ];
"x-scheme-handler/http" = [ "firefox.desktop" ];
"x-scheme-handler/https" = [ "firefox.desktop" ];
};
};
};
}
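Review bot: The two GSConnect entries under `associations.added` carry a trailing semicolon inside the string, `"org.gnome.Shell.Extensions.GSConnect.desktop;"`, which is the list separator of a `mimeapps.list` file rather than part of the desktop file id. In the Nix list form the value should be `[ "org.gnome.Shell.Extensions.GSConnect.desktop" ]`; as written the generated entry would presumably contain a doubled separator or an id that matches no desktop file. It is also worth a comment that `x-scheme-handler/sms` and `x-scheme-handler/tel` only resolve when the GSConnect extension is installed.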


@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }: {
options.snowflake.home.programs.chromium.enable =
lib.mkEnableOption "enable custom chromium";
config = lib.mkIf config.snowflake.home.programs.chromium.enable {
# not to be heavily customized. to be only used for developing webapps and
# if any website is not available on firefox
programs.chromium = {
enable = true;
extensions = [
"fmkadmapgofadopljbjfkapdkoienihi" # React Developer Tools
];
package = pkgs.ungoogled-chromium;
};
};
}
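Review bot: The extension id in `extensions` is paired with `package = pkgs.ungoogled-chromium`, and as far as I know ungoogled-chromium does not fetch or update extensions from the Chrome Web Store on its own, so the React Developer Tools entry may never be installed in this browser. Confirm that it appears after a rebuild; if it does not, either use `pkgs.chromium` for this development-only browser or supply the extension from a local, version-pinned package. A comment recording where the 32-character id was taken from would make the entry auditable.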


@ -0,0 +1,729 @@
{ config, lib, pkgs, ... }: {
options.snowflake.home.programs.firefox.enable =
lib.mkEnableOption "enable custom firefox";
config = lib.mkIf config.snowflake.home.programs.firefox.enable {
programs.firefox = {
enable = true;
# Policies apply at firefox global level
policies = {
"3rdparty" =
{ # Set policies that WebExtensions can access via chrome.storage.managed.
Extensions = {
# "uBlock0@raymondhill.net" = {
# adminSettings = {
# selectedFilterLists = [
# "ublock-privacy"
# "ublock-badware"
# "ublock-filters"
# "user-filters"
# ];
# };
# };
};
};
# AllowedDomainsForApps = ""; # Define domains allowed to access Google Workspace.
AllowFileSelectionDialogs = true; # Allow file selection dialogs.
AppAutoUpdate = false; # Enable or disable automatic application update.
# AppUpdatePin = ""; # Prevent Firefox from being updated beyond the specified version.
# AppUpdateURL = ""; # Change the URL for application update.
# Authentication = ""; # Configure sites that support integrated authentication.
AutoLaunchProtocolsFromOrigins =
[ # Define a list of external protocols that can be used from listed origins without prompting the user.
{
protocol = "zoommtg";
allowed_origins = [ "https://asu.zoom.us" ];
}
];
BackgroundAppUpdate =
false; # Enable or disable the background updater (Windows only).
# BlockAboutAddons = true; # Block access to the Add-ons Manager (about:addons).
# BlockAboutConfig = true; # Block access to about:config.
# BlockAboutProfiles = true; # Block access to About Profiles (about:profiles).
# BlockAboutSupport = true; # Block access to Troubleshooting Information (about:support).
# Bookmarks = ""; # use ManagedBookmarks instead - Add bookmarks in either the bookmarks toolbar or menu.
# CaptivePortal = ""; # Enable or disable the detection of captive portals.
# Certificates = {
# ImportEnterpriseRoots = ""; # Trust certificates that have been added to the operating system certificate store by a user or administrator.
# Install = ""; # Install certificates into the Firefox certificate store.
# };
# Containers = { # Set policies related to containers. - doesn't work, managing via individual profile
# quasar = [
# {
# name = "TheFourHorsemen";
# color = "orange";
# icon = "fingerprint";
# }
# {
# name = "Grapevine-Ameya";
# color = "purple";
# icon = "briefcase";
# }
# {
# name = "Grapevine";
# color = "pink";
# icon = "dollar";
# }
# {
# name = "Trized";
# color = "green";
# icon = "tree";
# }
# ];
# };
# Cookies = { # Configure cookie preferences.
# Allow = ["http://example.org/"];
# AllowSession = ["http://example.edu/"];
# Block = ["http://example.edu/"];
# Default = true;
# AcceptThirdParty = "never";
# RejectTracker = true;
# Locked = true;
# Behavior = "reject-tracker";
# BehaviorPrivateBrowsing = "accept";
# };
# DefaultDownloadDirectory = ""; # Set the default download directory.
DisableAppUpdate = true; # Turn off application updates.
DisableBuiltinPDFViewer =
true; # Disable the built in PDF viewer. said to have vulnerabilities; using PDFjs instead
# DisabledCiphers = { # Disable ciphers.
# TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = true;
# TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = true;
# TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = true;
# TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = true;
# TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = true;
# TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = true;
# TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = true;
# TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = true;
# TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = true;
# TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = true;
# TLS_DHE_RSA_WITH_AES_128_CBC_SHA = true;
# TLS_DHE_RSA_WITH_AES_256_CBC_SHA = true;
# TLS_RSA_WITH_AES_128_GCM_SHA256 = true;
# TLS_RSA_WITH_AES_256_GCM_SHA384 = true;
# TLS_RSA_WITH_AES_128_CBC_SHA = true;
# TLS_RSA_WITH_AES_256_CBC_SHA = true;
# TLS_RSA_WITH_3DES_EDE_CBC_SHA = true;
# };
# DisableDefaultBrowserAgent = ""; # Prevent the default browser agent from taking any actions (Windows only).
DisableDeveloperTools = false; # Remove access to all developer tools.
# DisableFeedbackCommands = false; # Disable the menus for reporting sites.
DisableFirefoxAccounts =
true; # Disable Firefox Accounts integration (Sync).
DisableFirefoxScreenshots =
true; # Remove access to Firefox Screenshots.
DisableFirefoxStudies = true; # Disable Firefox studies (Shield).
# DisableForgetButton = ""; # Disable the “Forget” button.
# DisableFormHistory = false; # Turn off saving information on web forms and the search bar.
DisableMasterPasswordCreation =
true; # Remove the master password functionality.
# DisablePasswordReveal = false; # Do not allow passwords to be revealed in saved logins.
DisablePocket = true; # Remove Pocket in the Firefox UI.
DisablePrivateBrowsing = false; # Remove access to private browsing.
DisableProfileImport =
true; # Disables the “Import data from another browser” option in the bookmarks window.
DisableProfileRefresh =
true; # Disable the Refresh Firefox button on about:support and support.mozilla.org
DisableSafeMode = false; # Disable safe mode within the browser.
# DisableSecurityBypass = { # Prevent the user from bypassing security in certain cases.
# InvalidCertificate = true;
# SafeBrowsing = true;
# };
DisableSetDesktopBackground =
true; # Remove the “Set As Desktop Background…” menuitem when right clicking on an image.
DisableSystemAddonUpdate =
true; # Prevent system add-ons from being installed or updated.
DisableTelemetry = true; # DisableTelemetry
# DisableThirdPartyModuleBlocking = ""; # Do not allow blocking third-party modules (windows only)
DisplayBookmarksToolbar =
"never"; # Set the initial state of the bookmarks toolbar.
DisplayMenuBar = "default-off"; # Set the state of the menubar.
DNSOverHTTPS =
{ # Configure DNS over HTTPS - test using -> https://one.one.one.one/help/
Enabled = true; # determines whether DNS over HTTPS is enabled
ProviderURL =
"https://mozilla.cloudflare-dns.com/dns-query"; # is a URL to another provider
Locked =
true; # prevents the user from changing DNS over HTTPS preferences
ExcludedDomains =
[ "example.com" ]; # excludes domains from DNS over HTTPS
Fallback =
true; # determines whether or not Firefox will use your default DNS resolver if there is a problem with the secure DNS provider
};
DontCheckDefaultBrowser =
true; # Dont check if Firefox is the default browser at startup.
# DownloadDirectory = "/home/cc/Downloads/"; # Set and lock the download directory.
EnableTrackingProtection = { # Configure tracking protection.
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
EmailTracking = true;
# Exceptions = [
# "https://example.com"
# ];
};
EncryptedMediaExtensions =
{ # Enable or disable Encrypted Media Extensions (like widevine) and optionally lock it.
Enabled = true;
Locked = true;
};
# EnterprisePoliciesEnabled = ""; # Enable policy support on macOS.
# ExemptDomainFileTypePairsFromFileTypeDownloadWarnings = [ # Disable warnings based on file extension for specific file types on domains.
# {
# file_extension = "jnlp";
# domains = ["example.com"];
# }
# ];
# Extensions = ""; # use ExtensionSettings instead - Control the installation, uninstallation and locking of extensions.
# you can find the extension names in about:support -> Add-ons
ExtensionSettings = { # Manage all aspects of extensions.
"*" = {
installation_mode = "blocked";
blocked_install_message =
"You cannot install additional extensions without a declarative config! :)";
};
# "addons-search-detection@mozilla.com" = {
# installation_mode = "force_installed";
# install_url = "";
# };
# "bing@search.mozilla.org" = {
# installation_mode = "force_installed";
# install_url = "";
# };
# "ddg@search.mozilla.org" = {
# installation_mode = "force_installed";
# install_url = "";
# };
# "google@search.mozilla.org" = {
# installation_mode = "force_installed";
# install_url = "";
# };
# Vimium
"{d7742d87-e61d-4b78-b8a1-b469842139fa}" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4259790/vimium_ff-2.1.2.xpi"; # vimium-ff
};
# "wikipedia@search.mozilla.org" = {
# installation_mode = "force_installed";
# install_url = "";
# };
# "default-theme@mozilla.org" = {
# installation_mode = "force_installed";
# install_url = "";
# };
# 'Improve YouTube!' 🎧 (for YouTube & Videos)'
"{3c6bf0cc-3ae2-42fb-9993-0d33104fdcaf}" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4375372/youtube_addon-4.1122.xpi"; # youtube-addon
};
# Tampermonkey
"firefox@tampermonkey.net" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4379021/tampermonkey-5.3.2.xpi"; # tampermonkey
};
# AI-based Grammar Checker & Paraphraser LanguageTool
"languagetool-webextension@languagetool.org" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4341696/languagetool-8.11.8.xpi"; # languagetool
};
# Auto Discard Tab
"{c2c003ee-bd69-42a2-b0e9-6f34222cb046}" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4045009/auto_tab_discard-0.6.7.xpi"; # auto-tab-discard
};
# Bitwarden - Free Password Manager
"{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4371752/bitwarden_password_manager-2024.10.1.xpi"; # bitwarden-password-manager
};
# TODO: Bypass Paywalls Clean - not working, need to debug
"magnolia@12.34" = {
installation_mode = "force_installed";
install_url =
"https://gitflic.ru/project/magnolia1234/bpc_uploads/blob/raw?file=bypass_paywalls_clean-3.8.9.0.xpi"; # bypass paywalls clean
};
# CanvasBlocker
"CanvasBlocker@kkapsner.de" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4262820/canvasblocker-1.10.1.xpi"; # canvasblocker
};
# ClearURLs
"{74145f27-f039-47ce-a470-a662b129930a}" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4064884/clearurls-1.26.1.xpi"; # clearurls
};
# Dark Reader
"addon@darkreader.org" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4378073/darkreader-4.9.96.xpi"; # darkreader
};
# Decentraleyes
"jid1-BoFifL9Vbdl2zQ@jetpack" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4255788/decentraleyes-2.0.19.xpi"; # decentraleyes
};
# Firefox Multi-Account Containers
"@testpilot-containers" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4355970/multi_account_containers-8.2.0.xpi"; # multi-account-containers
};
# Open external links in a container
"{f069aec0-43c5-4bbf-b6b4-df95c4326b98}" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/3566167/open_url_in_container-1.0.3.xpi"; # open-url-in-container
};
# Privacy Badger
"jid1-MnnxcxisBPnSXQ@jetpack" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4321653/privacy_badger17-2024.7.17.xpi"; # privacy-badger17
};
# React Developer Tools
"@react-devtools" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4360002/react_devtools-6.0.0.xpi"; # react-devtools
};
# Read Aloud: A Text to Speech Voice Reader
"{ddc62400-f22d-4dd3-8b4a-05837de53c2e}" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4350883/read_aloud-1.73.0.xpi"; # read-aloud
};
# Return YouTube Dislike
"{762f9885-5a13-4abd-9c77-433dcd38b8fd}" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4371820/return_youtube_dislikes-3.0.0.18.xpi"; # return-youtube-dislikes
};
# Search by Image
"{2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c}" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/2821476/search-2.0.xpi"; # search_by_image
};
# Sidebery
"{3c078156-979c-498b-8990-85f7987dd929}" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4246774/sidebery-5.2.0.xpi"; # sidebery
};
# SponsorBlock for YouTube - Skip Sponsorships
"sponsorBlocker@ajay.app" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4372080/sponsorblock-5.9.5.xpi"; # sponsorblock
};
# GSConnect
"gsconnect@andyholmes.github.io" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/3626312/gsconnect-8.xpi"; # gsconnect
};
# # DeArrow
# # removing this since it's not that useful and also slows down the loading speed of youtube
# "deArrow@ajay.app" = {
# installation_mode = "force_installed";
# install_url = "https://addons.mozilla.org/firefox/downloads/file/4254118/dearrow-1.5.11.xpi";
# };
# Stylebot
"{52bda3fd-dc48-4b3d-a7b9-58af57879f1e}" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/3979493/stylebot_web-3.1.3.xpi"; # stylebot-web
};
# Tab Stash
"tab-stash@condordes.net" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4361352/tab_stash-3.1.1.xpi"; # tab-stash
};
# Tabliss
"extension@tabliss.io" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/3940751/tabliss-2.6.0.xpi"; # tabliss
};
# uBlacklist
"@ublacklist" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4327308/ublacklist-8.9.2.xpi"; # ublacklist
};
# uBlock Origin
"uBlock0@raymondhill.net" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4359936/ublock_origin-1.60.0.xpi"; # ublock-origin
};
# User-Agent Switcher and Manager
"{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4098688/user_agent_string_switcher-0.5.0.xpi"; # user-agent-string-switcher
};
# Video Speed Controller
"{7be2ba16-0f1e-4d93-9ebc-5164397477a9}" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/3756025/videospeed-0.6.3.3.xpi"; # videospeed
};
# Web Archives
"{d07ccf11-c0cd-4938-a265-2a4d6ad01189}" = {
installation_mode = "force_installed";
install_url =
"https://addons.mozilla.org/firefox/downloads/file/4361316/view_page_archive-7.0.0.xpi"; # view-page-archive
};
# "firefox-compact-dark@mozilla.org" = {
# installation_mode = "force_installed";
# install_url = "";
# };
# "firefox-alpenglow@mozilla.org" = {
# installation_mode = "force_installed";
# install_url = "";
# };
# "firefox-compact-light@mozilla.org" = {
# installation_mode = "force_installed";
# install_url = "";
# };
# "uBlock0@raymondhill.net": {
# "installation_mode": "force_installed",
# "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
# },
# "https-everywhere@eff.org": {
# "installation_mode": "allowed",
# "updates_disabled": false
# }
};
ExtensionUpdate = false; # Control extension updates.
FirefoxHome = { # Customize the Firefox Home page.
Search = false;
TopSites = false;
SponsoredTopSites = false;
Highlights = false;
Pocket = false;
SponsoredPocket = false;
Snippets = false;
# Locked = true;
};
FirefoxSuggest = { # Customize Firefox Suggest.
WebSuggestions = false;
SponsoredSuggestions = false;
ImproveSuggest = false;
# Locked = true;
};
GoToIntranetSiteForSingleWordEntryInAddressBar =
false; # Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
Handlers = { # Configure default application handlers.
# mimeTypes = {
# "application/msword" = {
# action = "useSystemDefault";
# ask = false;
# };
# };
schemes = {
mailto = {
action = "useHelperApp";
ask = true;
handlers = [{
name = "Gmail";
uriTemplate =
"https://mail.google.com/mail/?extsrc=mailto&url=%s";
}];
};
};
# extensions = {
# pdf = {
# action = "useHelperApp";
# ask = true;
# handlers = [
# {
# name = "Adobe Acrobat";
# path = "/usr/bin/acroread";
# }
# ];
# };
# };
};
# Control hardware acceleration.
# - this exposis points for fingerprinting, so disabling it helps
# - but when enabled it gives a massive performace improvement
# To check: See about:support. If your compositor is WebRender without any caveats (like software), your Firefox is hardware accelerated
HardwareAcceleration = true;
Homepage = { # Configure the default homepage and how Firefox starts.
# URL = "http://example.com/";
# Locked = true;
# Additional = [
# "http://example.org/"
# "http://example.edu/"
# ];
StartPage = "previous-session";
};
# InstallAddonsPermission = { # Configure the default extension install policy as well as origins for extension installs are allowed.
# Allow = [];
# Default = false;
# };
# LegacyProfiles = ""; # Disable the feature enforcing a separate profile for each installation.
# LegacySameSiteCookieBehaviorEnabled = ""; # Enable default legacy SameSite cookie behavior setting.
# LegacySameSiteCookieBehaviorEnabledForDomainList = ""; # Revert to legacy SameSite behavior for cookies on specified sites.
# LocalFileLinks = ""; # Enable linking to local files by origin.
ManagedBookmarks =
[ # Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
{ toplevel_name = "My managed bookmarks folder"; }
{
url = "codingcoffee.dev";
name = "CodingCoffee";
}
{
name = "LLM";
children = [
{
url = "https://claude.ai/chats";
name = "Claude";
}
{
url = "https://chat.openai.com/chats";
name = "ChatGPT";
}
];
}
];
ManualAppUpdateOnly =
true; # Allow manual updates only and do not notify the user about updates.
NetworkPrediction =
true; # Enable or disable network prediction (DNS prefetching).
# NewTabPage = true; # Enable or disable the New Tab page.
NoDefaultBookmarks = true; # Disable the creation of default bookmarks.
OfferToSaveLogins =
false; # Control whether or not Firefox offers to save passwords. Managed by KeepAss instead
# OfferToSaveLoginsDefault = false; # ignored because OfferToSaveLogins is present - Set the default value for whether or not Firefox offers to save passwords.
# OverrideFirstRunPage = ""; # Override the first run page.
# OverridePostUpdatePage = ""; # Override the upgrade page.
PasswordManagerEnabled =
false; # Remove (some) access to the password manager.
# PasswordManagerExceptions = []; # Prevent Firefox from saving passwords for specific sites.
PDFjs = { # Disable or configure PDF.js, the built-in PDF viewer.
Enabled = true;
EnablePermissions = false;
};
Permissions =
{ # Set permissions associated with camera, microphone, location, and notifications.
Camera = {
Allow = [ "https://meet.google.com" ];
Block = [ ];
BlockNewRequests = false;
Locked = false;
};
Microphone = {
Allow = [ "https://meet.google.com" ];
Block = [ ];
BlockNewRequests = false;
Locked = false;
};
Location = {
Allow = [ ];
Block = [ ];
BlockNewRequests = false;
Locked = false;
};
Notification = {
Allow = [ ];
Block = [ ];
BlockNewRequests = false;
Locked = false;
};
Autoplay = {
Allow = [ ];
Block = [ ];
Default = "block-audio-video";
Locked = false;
};
};
PictureInPicture = { # Enable or disable Picture-in-Picture.
Enabled = false;
Locked = true;
};
PopupBlocking =
{ # Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
Allow = [ "https://mail.google.com" ];
Default = false;
Locked = true;
};
# Preferences = ""; # Set and lock preferences.
# PrimaryPassword = ""; # Require or prevent using a primary (formerly master) password.
PrintingEnabled = true; # Enable or disable printing.
PromptForDownloadLocation =
true; # Ask where to save each file before downloading.
# Proxy = ""; # Configure proxy settings.
# RequestedLocales = "en-US"; # Set the the list of requested locales for the application in order of preference.
SearchBar = "unified"; # Set whether or not search bar is displayed.
SearchSuggestEnabled = false; # Enable search suggestions.
# SecurityDevices = ""; # Install PKCS #11 modules.
ShowHomeButton = false; # Show the home button on the toolbar.
# SSLVersionMax = ""; # Set and lock the maximum version of TLS.
# SSLVersionMin = ""; # Set and lock the minimum version of TLS.
StartDownloadsInTempDirectory =
true; # Force downloads to start off in a local, temporary location rather than the default download directory.
# SupportMenu = ""; # Add a menuitem to the help menu for specifying support information.
UserMessaging = { # Dont show certain messages to the user.
WhatsNew = false;
ExtensionRecommendations = true;
FeatureRecommendations = true;
UrlbarInterventions = true;
SkipOnboarding = true;
MoreFromMozilla = true;
Locked = true;
};
UseSystemPrintDialog =
false; # Print using the system print dialog instead of print preview.
# WebsiteFilter = { # Block websites from being visited.
# Block = [
# "<all_urls>"
# ];
# Exceptions = [
# "http://example.org/*"
# ];
# };
# WindowsSSO = ""; # Allow Windows single sign-on for Microsoft, work, and school accounts.
};
profiles = {
quasar = {
id = 0;
name = "quasar";
isDefault = true;
# to remove the file containers.json and force replace it with a symlink
containersForce = true;
containers = {
"TheFourHorsemen" = {
id = 1;
color = "orange";
icon = "fingerprint";
};
"Grapevine-Ameya" = {
id = 2;
color = "purple";
icon = "briefcase";
};
"Grapevine" = {
id = 3;
color = "pink";
icon = "dollar";
};
"Trized" = {
id = 5;
color = "green";
icon = "tree";
};
};
# NOTE: the way to figure this out is to
# 1. take a backup of the prefs.js file
# 2. make the change manually in firefox setting
# 3. see the diff of the backed up pref.js file with the new pref.js file
# These will apply at the individual profile level. Policies apply at firefox global level
settings = {
# Open previous windows and tabs
"browser.startup.page" = 3;
# Confirm before closing multiple tabs
"browser.tabs.warnOnClose" = true;
# When you open a link, image or media in a new tab, switch to it
# immediately within firefox, not when coming from outside of firefox
"browser.tabs.loadInBackground" = true;
# What should Firefox do with other files?
"browser.download.always_ask_before_handling_new_types" = true;
# Play DRM-controlled content
"media.eme.enabled" = true;
# Show search suggestions ahead of browsing history in address bar results
"browser.urlbar.showSearchSuggestionsFirst" = false;
# Tell websites not to sell or share my data
"privacy.donottrackheader.enabled" = true;
# Send websites a “Do Not Track” request
"privacy.globalprivacycontrol.enabled" = true;
"privacy.globalprivacycontrol.was_ever_enabled" = true;
# Allow Firefox to install and run studies
"app.shield.optoutstudies.enabled" = false;
# Allow Firefox to send technical and interaction data to Mozilla
"datareporting.healthreport.uploadEnabled" = false;
# Pocket - Recommend Stories
"browser.newtabpage.activity-stream.feeds.section.topstories" =
false;
"browser.disableResetPrompt" = true;
"browser.download.panel.shown" = true;
"browser.download.useDownloadDir" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.shell.checkDefaultBrowser" = false;
# "browser.shell.defaultBrowserCheckCount" = 1;
# "browser.startup.homepage" = "https://start.duckduckgo.com";
"browser.uiCustomization.state" = ''
{"placements":{"widget-overflow-fixed-list":[],"unified-extensions-area":["_3c6bf0cc-3ae2-42fb-9993-0d33104fdcaf_-browser-action","sponsorblocker_ajay_app-browser-action","jid1-mnnxcxisbpnsxq_jetpack-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action","_74145f27-f039-47ce-a470-a662b129930a_-browser-action","_7be2ba16-0f1e-4d93-9ebc-5164397477a9_-browser-action","_c2c003ee-bd69-42a2-b0e9-6f34222cb046_-browser-action","_react-devtools-browser-action","_a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7_-browser-action","_ublacklist-browser-action","canvasblocker_kkapsner_de-browser-action","magnolia_12_34-browser-action","jid1-bofifl9vbdl2zq_jetpack-browser-action","firefox_tampermonkey_net-browser-action","languagetool-webextension_languagetool_org-browser-action"],"nav-bar":["back-button","forward-button","stop-reload-button","customizableui-special-spring1","urlbar-container","customizableui-special-spring2","downloads-button","fxa-toolbar-menu-button","_testpilot-containers-browser-action","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","_d7742d87-e61d-4b78-b8a1-b469842139fa_-browser-action","addon_darkreader_org-browser-action","_52bda3fd-dc48-4b3d-a7b9-58af57879f1e_-browser-action","_ddc62400-f22d-4dd3-8b4a-05837de53c2e_-browser-action","ublock0_raymondhill_net-browser-action","unified-extensions-button","_3c078156-979c-498b-8990-85f7987dd929_-browser-action","tab-stash_condordes_net-browser-action"],"toolbar-menubar":["menubar-items"],"TabsToolbar":["firefox-view-button","tabbrowser-tabs","new-tab-button","alltabs-button"],"PersonalToolbar":["managed-bookmarks","import-button","personal-bookmarks"]},"seen":["save-to-pocket-button","developer-button","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","_3c078156-979c-498b-8990-85f7987dd929_-browser-action","_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","_74145f27-f039-47ce-a4
70-a662b129930a_-browser-action","_7be2ba16-0f1e-4d93-9ebc-5164397477a9_-browser-action","_c2c003ee-bd69-42a2-b0e9-6f34222cb046_-browser-action","_d7742d87-e61d-4b78-b8a1-b469842139fa_-browser-action","_react-devtools-browser-action","_a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7_-browser-action","addon_darkreader_org-browser-action","_ublacklist-browser-action","canvasblocker_kkapsner_de-browser-action","_testpilot-containers-browser-action","jid1-mnnxcxisbpnsxq_jetpack-browser-action","sponsorblocker_ajay_app-browser-action","magnolia_12_34-browser-action","tab-stash_condordes_net-browser-action","jid1-bofifl9vbdl2zq_jetpack-browser-action","ublock0_raymondhill_net-browser-action","firefox_tampermonkey_net-browser-action","languagetool-webextension_languagetool_org-browser-action","_3c6bf0cc-3ae2-42fb-9993-0d33104fdcaf_-browser-action","_52bda3fd-dc48-4b3d-a7b9-58af57879f1e_-browser-action","_ddc62400-f22d-4dd3-8b4a-05837de53c2e_-browser-action"],"dirtyAreaCache":["nav-bar","PersonalToolbar","unified-extensions-area","toolbar-menubar","TabsToolbar"],"currentVersion":20,"newElementCount":7}'';
"dom.security.https_only_mode" = true;
"identity.fxaccounts.enabled" = false;
"privacy.trackingprotection.enabled" = true;
"signon.rememberSignons" = false;
# ensure hardware video decoding on ff to save battery
"media.hardware-video-decoding.enabled" = true;
};
search = {
force = true;
default = "Google";
order = [ "Google" ];
engines = {
"Nix Packages" = {
urls = [{
template = "https://search.nixos.org/packages";
params = [
{
name = "type";
value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}];
icon =
"''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@np" ];
};
"NixOS Wiki" = {
urls = [{
template =
"https://nixos.wiki/index.php?search={searchTerms}";
}];
iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@nw" ];
};
"Bing".metaData.hidden = true;
"Google".metaData.alias =
"@g"; # builtin engines only support specifying one additional alias
};
};
};
};
};
};
}


@ -0,0 +1,5 @@
# Enabling this by default since its nothing more than a config file. If kvm
# exists, it'll be utilized, otherwise not
_: {
xdg.configFile."libvirt/qemu.conf".source = ./qemu.conf;
}


@ -0,0 +1,4 @@
# Adapted from /var/lib/libvirt/qemu.conf
# Note that AAVMF and OVMF are for Aarch64 and x86 respectively
nvram = [ "/run/libvirt/nix-ovmf/AAVMF_CODE.fd:/run/libvirt/nix-ovmf/AAVMF_VARS.fd", "/run/libvirt/nix-ovmf/OVMF_CODE.fd:/run/libvirt/nix-ovmf/OVMF_VARS.fd" ]


@ -0,0 +1,16 @@
{ config, lib, pkgs, inputs, ... }: {
options.snowflake.home.programs.wezterm.enable =
lib.mkEnableOption "enable custom wezterm";
config = lib.mkIf config.snowflake.home.programs.wezterm.enable {
programs.wezterm = {
enable = true;
package = inputs.wezterm.packages.${pkgs.system}.default;
# can use this for managing the config inside nix, but I'd rather use stow
# to manage config, since that way the config can be easily used on non nix
# systems as well
extraConfig = builtins.readFile ./wezterm.lua;
};
};
}


@ -0,0 +1,49 @@
-- Pull in the wezterm API
local wezterm = require 'wezterm'
-- This table will hold the configuration.
local config = {}
-- In newer versions of wezterm, use the config_builder which will
-- help provide clearer error messages
if wezterm.config_builder then
config = wezterm.config_builder()
end
-- This is where you actually apply your config choices
config.color_scheme = 'Monokai (terminal.sexy)'
config.window_background_opacity = 0.5
config.window_decorations = "RESIZE"
config.use_fancy_tab_bar = false
config.show_tabs_in_tab_bar = false
config.show_new_tab_button_in_tab_bar = false
config.font = wezterm.font 'Iosevka Nerd Font'
config.font_size = 13.0
local xcursor_size = nil
local xcursor_theme = nil
local success, stdout, stderr = wezterm.run_child_process({"gsettings", "get", "org.gnome.desktop.interface", "cursor-theme"})
if success then
xcursor_theme = stdout:gsub("'(.+)'\n", "%1")
end
local success, stdout, stderr = wezterm.run_child_process({"gsettings", "get", "org.gnome.desktop.interface", "cursor-size"})
if success then
xcursor_size = tonumber(stdout)
end
config.xcursor_theme = xcursor_theme
config.xcursor_size = xcursor_size
-- workaround for showing cursor on wezterm
config.enable_wayland = false
-- and finally, return the configuration to wezterm
return config


@ -0,0 +1,142 @@
{ config, lib, pkgs, system, inputs, ... }: {
options.snowflake = {
extraPackages = lib.mkOption {
type = lib.types.listOf lib.types.package;
default = [ ];
description = "Extra packages to be installed system-wide";
};
};
config = {
# roots ssh keys
users.users.root.openssh.authorizedKeys.keys = [
# change this to your ssh key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C eden-thinkpad-zephyrus-cell"
];
# base packages required everywhere
environment = {
shells = with pkgs; [ bash zsh fish ];
systemPackages = with pkgs;
map lib.lowPrio [
# base packages
## ssl
openssl
## data transfer
rsync
curl
wget
aria2 # torrent
## editor
neovim
## version management
git
## disk space utility management
ncdu
## disk utility management
gptfdisk
## monitoring utility
htop
btop
## battery management
acpi
## system info
neofetch
inxi
## networking utility
inetutils # for telnet
mtr # for latency and network path monitoring
dig # for dns query
whois # for domain name ownership query
prettyping # for latency monitoring
ethtool # for network interface monitoring
wol # for wakeonlan
## file interaction
fzf
ripgrep
jq
file
tree
eza
## generic linux utils
coreutils
unixtools.xxd # for generating uuid
file # for checking filetype
## pci utilities
pciutils
lshw
## usb utilities
usbutils
## nix specific
# nix-output-monitor # pretty build outputs # removing since taken care of by nh
] ++ config.snowflake.extraPackages;
};
programs.bash.shellAliases = {
d = "docker";
v = "nvim";
dco = "docker compose";
};
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
};
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
sandbox = true;
auto-optimise-store = true;
};
};
# higher openssh security
services.openssh = {
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
documentation = {
enable = true;
man = {
enable = true;
man-db.enable = false;
mandoc.enable = true;
generateCaches = true;
};
};
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 7d --keep 7";
};
system.activationScripts.diff = {
supportsDryActivation = true;
text = ''
${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
"${
inputs.nixos-needtoreboot.packages."${system}".default
}/bin/nixos-needsreboot"
'';
};
};
}
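Review bot: The root `authorizedKeys` entry is a literal public key inside a `config` block that has no `mkIf`, so every host importing this module grants root SSH access to that one key unless someone acts on the "change this" comment. The same literal is repeated in the initrd SSH `authorizedKeys` of the boot module later in this commit. I would declare the keys once as an option with no default, so evaluation fails until the operator supplies their own, and reference that option from both places. `PasswordAuthentication = false` does not by itself say anything about root logins, so it is also worth setting `settings.PermitRootLogin` explicitly next to it.

```nix
options.snowflake = {
  # … unchanged: extraPackages …
  rootAuthorizedKeys = lib.mkOption {
    type = lib.types.listOf lib.types.str;
    description =
      "SSH public keys allowed to log in as root (also used for initrd unlock)";
  };
};
# … unchanged: start of config …
users.users.root.openssh.authorizedKeys.keys =
  config.snowflake.rootAuthorizedKeys;
```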


@ -0,0 +1,8 @@
{ config, lib, pkgs, ... }: {
options.snowflake.core.latestKernel =
lib.mkEnableOption "enable latest kernel";
config = lib.mkIf config.snowflake.core.latestKernel {
boot.kernelPackages = pkgs.linuxPackages_latest;
};
}


@ -0,0 +1,24 @@
{ config, lib, ... }: {
options.snowflake = {
locale = lib.mkOption {
type = lib.types.str;
description = "locale";
};
};
config = {
# Select internationalisation properties.
i18n.defaultLocale = config.snowflake.locale;
i18n.extraLocaleSettings = {
LC_ADDRESS = config.snowflake.locale;
LC_IDENTIFICATION = config.snowflake.locale;
LC_MEASUREMENT = config.snowflake.locale;
LC_MONETARY = config.snowflake.locale;
LC_NAME = config.snowflake.locale;
LC_NUMERIC = config.snowflake.locale;
LC_PAPER = config.snowflake.locale;
LC_TELEPHONE = config.snowflake.locale;
LC_TIME = config.snowflake.locale;
};
};
}


@ -0,0 +1,9 @@
{ config, lib, ... }: {
options.snowflake.core.openssh = {
enable = lib.mkEnableOption "enable openssh";
};
config = lib.mkIf config.snowflake.core.openssh.enable {
services.openssh.enable = true;
};
}


@ -0,0 +1,55 @@
{ config, lib, pkgs, ... }: {
options.snowflake.core.usbguard = {
### WARNING ###
# NOTE: be very careful before turning on usbguard. It'll has the potential
# to disable your keyboard and render your system useless. To use this
# module follow the following steps.
#
# 1. Enable this module while keeping the serviceEnable option set to false.
# This will only install usbguard onto your system without enabling the
# usbguard systemd service.
# 2. Do not connect any USB devices to your laptop. Or only connect
# trusted, frequently used devices
# 3. use the command `usbguard generate-policy` to generate the usbguard
# "rules". This will generate a list of devices which are trusted and can
# be interfaced with the system without explicit approval. This include
# your inbuilt keyboard, webcam etc
# 4. set the output of this command as the value for the "rules" option,
# and set the "serviceEnable" option to true
#
# Ref:
# - https://github.com/USBGuard/usbguard/blob/main/doc/man/usbguard-rules.conf.5.adoc
### WARNING ###
# FAQ
# - to connect a new USB device
# - run `sudo usbguard watch` in a tty
# - connect your device
# - find the device ID from the tty running `usbguard watch`
# - run `sudo usbguard allow-device {device_id}` to allow the device to
# interface with the system
enable =
lib.mkEnableOption "enable usbguard module and only install usbguard";
serviceEnable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "explicitly enable the usbguard service";
};
rules = lib.mkOption {
type = lib.types.str;
default = "";
description =
"usbguard rules for default devices which are allowed to be connected";
};
};
config = lib.mkIf config.snowflake.core.usbguard.enable {
environment.systemPackages = with pkgs; [ usbguard ];
services.usbguard.enable = config.snowflake.core.usbguard.serviceEnable;
services.usbguard.rules = config.snowflake.core.usbguard.rules;
};
}
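Review bot: Nothing stops `serviceEnable = true` from being combined with the default `rules = ""`, which is exactly the lock-out the warning comment describes. As far as I can tell, an empty string is written out as an empty rule file, so with usbguard's default policy every device, including the built-in keyboard, would be blocked. An evaluation-time guard makes the documented procedure enforceable: `assertions = [{ assertion = !config.snowflake.core.usbguard.serviceEnable || config.snowflake.core.usbguard.rules != ""; message = "usbguard: generate and set rules before enabling the service"; }];` inside the `mkIf` block.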


@ -0,0 +1,75 @@
{ config, lib, ... }: {
options.snowflake.hardware = {
isEfi =
lib.mkEnableOption "pick systemd-boot if an EFI system or grub otherwise";
diskDevice = lib.mkOption {
type = lib.types.str;
description = "path to disk device eg. /dev/sda";
};
isInitrdLuksUnlockingEnabled =
lib.mkEnableOption "enable SSH in initrd to remotely unlock LUKS device";
xbootldrMountPoint = lib.mkOption {
type = lib.types.str;
default = "";
description = "mount point for boot";
};
efiSysMountPoint = lib.mkOption {
type = lib.types.str;
default = "";
description = "mount point for efi";
};
};
config = {
boot = {
loader = if config.snowflake.hardware.isEfi then {
systemd-boot = {
enable = true;
xbootldrMountPoint =
if config.snowflake.hardware.xbootldrMountPoint != "" then
config.snowflake.hardware.xbootldrMountPoint
else
null;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint =
if config.snowflake.hardware.efiSysMountPoint != "" then
config.snowflake.hardware.efiSysMountPoint
else
"/boot";
};
} else {
grub = {
enable = true;
device = config.snowflake.hardware.diskDevice;
useOSProber = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
};
# Enable remote LUKS unlocking. This allows remote SSH to unlock LUKS
# encrypted root. $ ssh root@<ip> While in the shell, run
# `cryptsetup-askpass` to trigger the unlock prompt.
initrd = lib.mkIf config.snowflake.hardware.isInitrdLuksUnlockingEnabled {
network = {
flushBeforeStage2 = true;
enable = true;
ssh = {
enable = true;
port = 22;
hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C eden-thinkpad-zephyrus-cell"
];
};
};
};
# Use DHCP to figure out the IP address.
kernelParams =
lib.mkIf config.snowflake.hardware.isInitrdLuksUnlockingEnabled
[ "ip=dhcp" ];
};
};
}
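Review bot: `hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ]` copies the machine's regular sshd host key into the initrd, which must sit on the unencrypted boot partition for remote LUKS unlock to work. Anyone who can read that partition can extract the key and impersonate the host to the person typing the disk passphrase. The NixOS documentation for this option advises against reusing the regular host key. A key generated only for the initrd limits what a copied initrd exposes, for example `hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];` (path is illustrative). With two different keys, moving the initrd listener off `port = 22` avoids known_hosts conflicts with the main sshd.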


@ -0,0 +1,17 @@
{ config, lib, ... }: {
options.snowflake.hardware.laptop = {
enable = lib.mkEnableOption "enable laptop module";
lidSwitch = lib.mkOption {
type = lib.types.str;
default = "ignore";
description = "action to take on lidSwitch (lid close / open)";
};
};
config = lib.mkIf config.snowflake.hardware.laptop.enable {
# prevent sleeping on lid close
# NOTE: this only works after a reboot
services.logind.lidSwitch = config.snowflake.hardware.laptop.lidSwitch;
};
}


@ -0,0 +1,45 @@
{ config, lib, ... }: {
options.snowflake.hardware.nvidia = {
enable = lib.mkEnableOption "enable nvidia";
};
config = lib.mkIf config.snowflake.hardware.nvidia.enable {
# Enable OpenGL
hardware.graphics.enable = true;
# Load nvidia driver for Xorg and Wayland
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
};
}


@ -0,0 +1,9 @@
{ config, lib, ... }: {
options.snowflake.networking.netbirdClient = {
enable = lib.mkEnableOption "enable netbird client";
};
config = lib.mkIf config.snowflake.networking.netbirdClient.enable {
services.netbird.enable = true;
};
}


@ -0,0 +1,14 @@
{ config, lib, ... }: {
options.snowflake.networking.networkmanager = {
enable = lib.mkEnableOption "enable networkmanager";
};
config = lib.mkIf config.snowflake.networking.networkmanager.enable {
networking.networkmanager.enable = true;
networking.networkmanager.insertNameservers = [
"1.1.1.1" # cloudflare
"8.8.8.8" # google
"8.8.4.4" # google
];
};
}
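Review bot: `insertNameservers` places the three public resolvers ahead of whatever DHCP or a VPN provides, so lookups for internal names are sent to Cloudflare and Google first, in plain DNS. On a network with split-horizon DNS this leaks internal hostnames, and it may interfere with the resolver that the netbird client added in this commit sets up. I would expose the list as an option that defaults to the current value, so hosts can override or empty it: `networking.networkmanager.insertNameservers = config.snowflake.networking.networkmanager.nameservers;`.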


@ -0,0 +1,18 @@
{ config, lib, ... }: {
options.snowflake.networking.wakeOnLan = {
enable = lib.mkEnableOption "enable wake on LAN";
interface = lib.mkOption {
type = lib.types.str;
description = "interface name for wakeon lan";
};
};
config = lib.mkIf config.snowflake.networking.wakeOnLan.enable {
# will start working on the 2nd reboot
networking.interfaces = {
"${config.snowflake.networking.wakeOnLan.interface}" = {
wakeOnLan.enable = true;
};
};
};
}


@ -0,0 +1,17 @@
{ config, lib, ... }: {
options.snowflake.services.asus.enable =
lib.mkEnableOption "enable asus specific modules";
config = lib.mkIf config.snowflake.services.asus.enable {
# specific to Asus laptop
# already included in flake.nix from https://github.com/NixOS/nixos-hardware/blob/master/asus/zephyrus/ga402x/shared.nix still overwiting it
# source: https://asus-linux.org/guides/nixos/
services = {
supergfxd.enable = true;
asusd = {
enable = true;
enableUserService = true;
};
};
};
}


@ -0,0 +1,10 @@
{ config, lib, ... }: {
options.snowflake.services.cloud-init.enable =
lib.mkEnableOption "enable cloud-init module";
config = lib.mkIf config.snowflake.services.cloud-init.enable {
services.cloud-init.enable = true;
systemd.services.cloud-config.serviceConfig = { Restart = "on-failure"; };
services.cloud-init.network.enable = true;
};
}


@ -0,0 +1,114 @@
<clickhouse>
<!-- Listen wildcard address to allow accepting connections from other containers and host network. -->
<listen_host>::</listen_host>
<listen_host>0.0.0.0</listen_host>
<listen_try>1</listen_try>
<!--
<logger>
<console>1</console>
</logger>
-->
<keeper_server>
<tcp_port>9181</tcp_port>
<server_id>${SERVER_ID}</server_id>
<log_storage_path>/var/lib/clickhouse/coordination/log</log_storage_path>
<snapshot_storage_path>/var/lib/clickhouse/coordination/snapshots</snapshot_storage_path>
<coordination_settings>
<operation_timeout_ms>10000</operation_timeout_ms>
<session_timeout_ms>30000</session_timeout_ms>
<raft_logs_level>trace</raft_logs_level>
</coordination_settings>
<raft_configuration>
<server>
<id>1</id>
<hostname>clickhouse-blue-1</hostname>
<port>9234</port>
</server>
<server>
<id>2</id>
<hostname>clickhouse-blue-2</hostname>
<port>9234</port>
</server>
<server>
<id>3</id>
<hostname>clickhouse-green-1</hostname>
<port>9234</port>
</server>
</raft_configuration>
</keeper_server>
<distributed_ddl>
<path>/clickhouse/task_queue/ddl</path>
</distributed_ddl>
<macros>
<cluster>events</cluster>
<shard>${SHARD}</shard>
<replica>${REPLICA}</replica>
</macros>
<remote_servers>
<events>
<shard>
<internal_replication>true</internal_replication>
<replica>
<host>clickhouse-blue-1</host>
<port>9000</port>
</replica>
<replica>
<host>clickhouse-blue-2</host>
<port>9000</port>
</replica>
</shard>
<shard>
<internal_replication>true</internal_replication>
<replica>
<host>clickhouse-green-1</host>
<port>9000</port>
</replica>
<replica>
<host>clickhouse-green-2</host>
<port>9000</port>
</replica>
</shard>
<shard>
<internal_replication>true</internal_replication>
<replica>
<host>clickhouse-orange-1</host>
<port>9000</port>
</replica>
<replica>
<host>clickhouse-orange-2</host>
<port>9000</port>
</replica>
</shard>
</events>
</remote_servers>
<zookeeper>
<node index="1">
<host>clickhouse-blue-1</host>
<port>9181</port>
</node>
<node index="2">
<host>clickhouse-blue-2</host>
<port>9181</port>
</node>
<node index="3">
<host>clickhouse-green-1</host>
<port>9181</port>
</node>
</zookeeper>
</clickhouse>
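Review bot: The `events` cluster in `remote_servers` defines no `<secret>` and its replicas carry no `<user>`/`<password>`, so nothing in this file authenticates inter-node queries. The servers listen on `::` and `0.0.0.0`, so any peer that can reach port 9000 on the container network could issue distributed queries as the default user. A shared cluster secret supplied through the same substitution already used for `${SERVER_ID}` closes that gap, e.g. `<secret>${CLUSTER_SECRET}</secret>` (placeholder variable name) directly under `<events>`. Separately, `<raft_logs_level>trace</raft_logs_level>` is very verbose for a steady-state deployment and would be better at `information` unless Keeper is being actively debugged.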


@ -0,0 +1,41 @@
{ config, lib, ... }: {
options.snowflake.services.containerised.clickhouse = {
enable = lib.mkEnableOption "enable clickhouse";
servers = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
options = {
version = lib.mkOption {
type = lib.types.str;
description = "clickhouse version to use";
};
ports = {
native = lib.mkOption { type = lib.types.port; };
http = lib.mkOption { type = lib.types.port; };
keeper = lib.mkOption { type = lib.types.port; };
};
};
});
};
};
config = lib.mkIf config.snowflake.services.containerised.clickhouse.enable {
virtualisation.oci-containers.containers = lib.mapAttrs
(clickhouseName: clickhouseCfg: {
autoStart = true;
image =
"docker.io/clickhouse/clickhouse-server:${clickhouseCfg.version}";
volumes = [
"/var/lib/clickhouse/${clickhouseName}/data:/var/lib/clickhouse"
"/var/lib/clickhouse/${clickhouseName}/config/:/etc/clickhouse-server/config.d/"
];
ports = [
"127.0.0.1:${builtins.toString clickhouseCfg.ports.native}:9000"
"127.0.0.1:${builtins.toString clickhouseCfg.ports.http}:8123"
"127.0.0.1:${builtins.toString clickhouseCfg.ports.keeper}:9181"
];
extraOptions =
[ "--ulimit=nofile=262144:262144" "--ulimit=nproc=65535" ];
}) config.snowflake.services.containerised.clickhouse.servers;
};
}
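Review bot: The container image is selected by a mutable tag (`clickhouse-server:${clickhouseCfg.version}`), so the same flake revision can pull different bytes after an upstream re-push or a registry compromise. This undercuts the reproducibility that the rest of the flake gets from its lock file. The envoy, gokapi and imgproxy modules in this commit follow the same pattern, and nvsample uses `docker.io/ubuntu` with no tag at all while being granted every GPU device. Pinning by digest fixes this, e.g. `image = "docker.io/clickhouse/clickhouse-server:${clickhouseCfg.version}@sha256:<digest>";` with the digest taken from a new option. The config volume could also be mounted `:ro`, as the envoy module already does for its YAML.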


@ -0,0 +1,2 @@
{ ... }: { config = { virtualisation.oci-containers.backend = "docker"; }; }


@ -0,0 +1,31 @@
{ config, lib, ... }: {
options.snowflake.services.containerised.envoy = {
enable = lib.mkEnableOption "enable envoy";
version = lib.mkOption {
type = lib.types.str;
description = "envoy version to use";
};
ports = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "ports to expose";
};
configSource = lib.mkOption {
type = lib.types.path;
description = "envoy config";
};
};
config = lib.mkIf config.snowflake.services.containerised.envoy.enable {
environment.etc."envoy/envoy.yaml".source =
config.snowflake.services.containerised.envoy.configSource;
virtualisation.oci-containers.containers.envoy = {
autoStart = true;
image =
"docker.io/envoyproxy/envoy:${config.snowflake.services.containerised.envoy.version}";
ports = config.snowflake.services.containerised.envoy.ports;
volumes = [ "/etc/envoy/envoy.yaml:/etc/envoy/envoy.yaml:ro" ];
};
};
}
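Review bot: The `ports` option is a free-form list of strings with the description "ports to expose", which gives no hint that an entry without a bind address (`"8080:8080"`) is published on every interface. With the docker backend selected in this commit, published ports are wired up by Docker's own packet-filter rules, so such a listener is typically reachable even when `networking.firewall` does not open the port. The other container modules here consistently bind to `127.0.0.1`, so I would document the expected form in the option: `description = "ports to publish, as [bind-address:]host:container; entries without a bind address listen on all interfaces";`.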


@ -0,0 +1,36 @@
{ config, lib, ... }: {
options.snowflake.services.containerised.gokapi = {
enable = lib.mkEnableOption "enable gokapi";
domain = lib.mkOption {
type = lib.types.str;
description = "domain name to host gokapi on";
};
version = lib.mkOption {
type = lib.types.str;
description = "gokapi version to use";
};
};
config = lib.mkIf config.snowflake.services.containerised.gokapi.enable {
virtualisation.oci-containers.containers.gokapi = {
autoStart = true;
image =
"docker.io/f0rc3/gokapi:${config.snowflake.services.containerised.gokapi.version}";
volumes = [
"/var/lib/gokapi/data:/app/data"
"/var/lib/gokapi/config:/app/config"
];
ports = [ "127.0.0.1:53842:53842" ];
};
services.nginx.virtualHosts."${config.snowflake.services.containerised.gokapi.domain}" =
{
serverName = config.snowflake.services.containerised.gokapi.domain;
enableACME = true;
forceSSL = true;
locations."/" = { proxyPass = "http://127.0.0.1:53842/"; };
};
};
}


@ -0,0 +1,36 @@
{ config, lib, ... }: {
options.snowflake.services.containerised.imgproxy = {
enable = lib.mkEnableOption "enable imgproxy";
domain = lib.mkOption {
type = lib.types.str;
description = "domain name to host imgproxy on";
};
version = lib.mkOption {
type = lib.types.str;
description = "imgproxy version to use";
};
};
config = lib.mkIf config.snowflake.services.containerised.imgproxy.enable {
virtualisation.oci-containers.containers.imgproxy = {
autoStart = true;
image =
"docker.io/darthsim/imgproxy:${config.snowflake.services.containerised.imgproxy.version}";
ports = [ "127.0.0.1:8080:8080" ];
environment = {
IMGPROXY_MAX_ANIMATION_FRAMES = "10";
IMGPROXY_USER_AGENT = "Mozilla/5.0";
};
};
services.nginx.virtualHosts."${config.snowflake.services.containerised.imgproxy.domain}" =
{
serverName = config.snowflake.services.containerised.imgproxy.domain;
enableACME = true;
forceSSL = true;
locations."/" = { proxyPass = "http://127.0.0.1:8080/"; };
};
};
}
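Review bot: imgproxy is published on a public virtual host, but the `environment` block sets neither `IMGPROXY_KEY`/`IMGPROXY_SALT` nor `IMGPROXY_ALLOWED_SOURCES`. URL signing is therefore off and, as configured, anyone who can reach the domain can have the server fetch and process arbitrary image URLs. The signing key and salt are secrets and should not go into `environment`, which ends up in the world-readable Nix store. Load them from a file kept outside the store instead, e.g. `environmentFiles = [ "/run/secrets/imgproxy.env" ];` (path is illustrative), and restrict sources with `IMGPROXY_ALLOWED_SOURCES` if the set of origins is known.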


@ -0,0 +1,15 @@
{ config, lib, ... }: {
options.snowflake.services.containerised.nvsample = {
enable = lib.mkEnableOption "enable nvsample";
};
config = lib.mkIf config.snowflake.services.containerised.nvsample.enable {
virtualisation.oci-containers.containers.nvsample = {
autoStart = true;
cmd = [ "-c" "while true; do nvidia-smi; sleep 1; done" ];
entrypoint = "sh";
image = "docker.io/ubuntu";
extraOptions = [ "--device=nvidia.com/gpu=all" ];
};
};
}


@ -0,0 +1,317 @@
log_level: INFO
# Logging configuration
# Qdrant logs to stdout. You may configure to also write logs to a file on disk.
# Be aware that this file may grow indefinitely.
# logger:
# on_disk:
# enabled: true
# log_file: path/to/log/file.log
# log_level: INFO
storage:
# Where to store all the data
storage_path: ./storage
# Where to store snapshots
snapshots_path: ./snapshots
snapshots_config:
# "local" or "s3" - where to store snapshots
snapshots_storage: local
# s3_config:
# bucket: ""
# region: ""
# access_key: ""
# secret_key: ""
# Where to store temporary files
# If null, temporary snapshot are stored in: storage/snapshots_temp/
temp_path: null
# If true - point's payload will not be stored in memory.
# It will be read from the disk every time it is requested.
# This setting saves RAM by (slightly) increasing the response time.
# Note: those payload values that are involved in filtering and are indexed - remain in RAM.
on_disk_payload: true
# Maximum number of concurrent updates to shard replicas
# If `null` - maximum concurrency is used.
update_concurrency: null
# Write-ahead-log related configuration
wal:
# Size of a single WAL segment
wal_capacity_mb: 32
# Number of WAL segments to create ahead of actual data requirement
wal_segments_ahead: 0
# Normal node - receives all updates and answers all queries
node_type: "Normal"
# Listener node - receives all updates, but does not answer search/read queries
# Useful for setting up a dedicated backup node
# node_type: "Listener"
performance:
# Number of parallel threads used for search operations. If 0 - auto selection.
max_search_threads: 0
# Max number of threads (jobs) for running optimizations across all collections, each thread runs one job.
# If 0 - have no limit and choose dynamically to saturate CPU.
# Note: each optimization job will also use `max_indexing_threads` threads by itself for index building.
max_optimization_threads: 0
# CPU budget, how many CPUs (threads) to allocate for an optimization job.
# If 0 - auto selection, keep 1 or more CPUs unallocated depending on CPU size
# If negative - subtract this number of CPUs from the available CPUs.
# If positive - use this exact number of CPUs.
optimizer_cpu_budget: 0
# Prevent DDoS of too many concurrent updates in distributed mode.
# One external update usually triggers multiple internal updates, which breaks internal
# timings. For example, the health check timing and consensus timing.
# If null - auto selection.
update_rate_limit: null
# Limit for number of incoming automatic shard transfers per collection on this node, does not affect user-requested transfers.
# The same value should be used on all nodes in a cluster.
# Default is to allow 1 transfer.
# If null - allow unlimited transfers.
#incoming_shard_transfers_limit: 1
# Limit for number of outgoing automatic shard transfers per collection on this node, does not affect user-requested transfers.
# The same value should be used on all nodes in a cluster.
# Default is to allow 1 transfer.
# If null - allow unlimited transfers.
#outgoing_shard_transfers_limit: 1
# Enable async scorer which uses io_uring when rescoring.
# Only supported on Linux, must be enabled in your kernel.
# See: <https://qdrant.tech/articles/io_uring/#and-what-about-qdrant>
#async_scorer: false
optimizers:
# The minimal fraction of deleted vectors in a segment, required to perform segment optimization
deleted_threshold: 0.2
# The minimal number of vectors in a segment, required to perform segment optimization
vacuum_min_vector_number: 1000
# Target amount of segments optimizer will try to keep.
# Real amount of segments may vary depending on multiple parameters:
# - Amount of stored points
# - Current write RPS
#
# It is recommended to select default number of segments as a factor of the number of search threads,
# so that each segment would be handled evenly by one of the threads.
# If `default_segment_number = 0`, will be automatically selected by the number of available CPUs
default_segment_number: 0
# Do not create segments larger this size (in KiloBytes).
# Large segments might require disproportionately long indexation times,
# therefore it makes sense to limit the size of segments.
#
# If indexation speed have more priority for your - make this parameter lower.
# If search speed is more important - make this parameter higher.
# Note: 1Kb = 1 vector of size 256
# If not set, will be automatically selected considering the number of available CPUs.
max_segment_size_kb: null
# Maximum size (in KiloBytes) of vectors to store in-memory per segment.
# Segments larger than this threshold will be stored as read-only memmaped file.
# To enable memmap storage, lower the threshold
# Note: 1Kb = 1 vector of size 256
# To explicitly disable mmap optimization, set to `0`.
# If not set, will be disabled by default.
memmap_threshold_kb: null
# Maximum size (in KiloBytes) of vectors allowed for plain index.
# Default value based on https://github.com/google-research/google-research/blob/master/scann/docs/algorithms.md
# Note: 1Kb = 1 vector of size 256
# To explicitly disable vector indexing, set to `0`.
# If not set, the default value will be used.
indexing_threshold_kb: 20000
# Interval between forced flushes.
flush_interval_sec: 5
# Max number of threads (jobs) for running optimizations per shard.
# Note: each optimization job will also use `max_indexing_threads` threads by itself for index building.
# If null - have no limit and choose dynamically to saturate CPU.
# If 0 - no optimization threads, optimizations will be disabled.
max_optimization_threads: null
# This section has the same options as 'optimizers' above. All values specified here will overwrite the collections
# optimizers configs regardless of the config above and the options specified at collection creation.
#optimizers_overwrite:
# deleted_threshold: 0.2
# vacuum_min_vector_number: 1000
# default_segment_number: 0
# max_segment_size_kb: null
# memmap_threshold_kb: null
# indexing_threshold_kb: 20000
# flush_interval_sec: 5
# max_optimization_threads: null
# Default parameters of HNSW Index. Could be overridden for each collection or named vector individually
hnsw_index:
# Number of edges per node in the index graph. Larger the value - more accurate the search, more space required.
m: 16
# Number of neighbours to consider during the index building. Larger the value - more accurate the search, more time required to build index.
ef_construct: 100
# Minimal size (in KiloBytes) of vectors for additional payload-based indexing.
# If payload chunk is smaller than `full_scan_threshold_kb` additional indexing won't be used -
# in this case full-scan search should be preferred by query planner and additional indexing is not required.
# Note: 1Kb = 1 vector of size 256
full_scan_threshold_kb: 10000
# Number of parallel threads used for background index building.
# If 0 - automatically select.
# Best to keep between 8 and 16 to prevent likelihood of building broken/inefficient HNSW graphs.
# On small CPUs, less threads are used.
max_indexing_threads: 0
# Store HNSW index on disk. If set to false, index will be stored in RAM. Default: false
on_disk: false
# Custom M param for hnsw graph built for payload index. If not set, default M will be used.
payload_m: null
# Default shard transfer method to use if none is defined.
# If null - don't have a shard transfer preference, choose automatically.
# If stream_records, snapshot or wal_delta - prefer this specific method.
# More info: https://qdrant.tech/documentation/guides/distributed_deployment/#shard-transfer-method
shard_transfer_method: null
# Default parameters for collections
collection:
# Number of replicas of each shard that network tries to maintain
replication_factor: 2
# How many replicas should apply the operation for us to consider it successful
write_consistency_factor: 1
# Default parameters for vectors.
vectors:
# Whether vectors should be stored in memory or on disk.
on_disk: null
# shard_number_per_node: 1
# Default quantization configuration.
# More info: https://qdrant.tech/documentation/guides/quantization
quantization: null
# Default strict mode parameters for newly created collections.
strict_mode:
# Whether strict mode is enabled for a collection or not.
enabled: false
# Max allowed `limit` parameter for all APIs that don't have their own max limit.
max_query_limit: null
# Max allowed `timeout` parameter.
max_timeout: null
# Allow usage of unindexed fields in retrieval based (eg. search) filters.
unindexed_filtering_retrieve: null
# Allow usage of unindexed fields in filtered updates (eg. delete by payload).
unindexed_filtering_update: null
# Max HNSW value allowed in search parameters.
search_max_hnsw_ef: null
# Whether exact search is allowed or not.
search_allow_exact: null
# Max oversampling value allowed in search.
search_max_oversampling: null
service:
# Maximum size of POST data in a single request in megabytes
max_request_size_mb: 32
# Number of parallel workers used for serving the api. If 0 - equal to the number of available cores.
# If missing - Same as storage.max_search_threads
max_workers: 0
# Host to bind the service on
host: 0.0.0.0
# HTTP(S) port to bind the service on
http_port: 6333
# gRPC port to bind the service on.
# If `null` - gRPC is disabled. Default: null
# Comment to disable gRPC:
grpc_port: null
# Enable CORS headers in REST API.
# If enabled, browsers would be allowed to query REST endpoints regardless of query origin.
# More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
# Default: true
enable_cors: true
# Enable HTTPS for the REST and gRPC API
enable_tls: false
# Check user HTTPS client certificate against CA file specified in tls config
verify_https_client_certificate: false
# Set an api-key.
# If set, all requests must include a header with the api-key.
# example header: `api-key: <API-KEY>`
#
# If you enable this you should also enable TLS.
# (Either above or via an external service like nginx.)
# Sending an api-key over an unencrypted channel is insecure.
#
# Uncomment to enable.
# api_key: your_secret_api_key_here
# Set an api-key for read-only operations.
# If set, all requests must include a header with the api-key.
# example header: `api-key: <API-KEY>`
#
# If you enable this you should also enable TLS.
# (Either above or via an external service like nginx.)
# Sending an api-key over an unencrypted channel is insecure.
#
# Uncomment to enable.
# read_only_api_key: your_secret_read_only_api_key_here
# Uncomment to enable JWT Role Based Access Control (RBAC).
# If enabled, you can generate JWT tokens with fine-grained rules for access control.
# Use generated token instead of API key.
#
# jwt_rbac: true
cluster:
# Use `enabled: true` to run Qdrant in distributed deployment mode
enabled: true
# Configuration of the inter-cluster communication
p2p:
# Port for internal communication between peers
port: 6335
# Use TLS for communication between peers
enable_tls: false
# Configuration related to distributed consensus algorithm
consensus:
# How frequently peers should ping each other.
# Setting this parameter to lower value will allow consensus
# to detect disconnected nodes earlier, but too frequent
# tick period may create significant network and CPU overhead.
# We encourage you NOT to change this parameter unless you know what you are doing.
tick_period_ms: 100
# Set to true to prevent service from sending usage statistics to the developers.
# Read more: https://qdrant.tech/documentation/guides/telemetry
telemetry_disabled: true


@ -0,0 +1,44 @@
{ config, lib, ... }: {
options.snowflake.services.containerised.qdrant = {
enable = lib.mkEnableOption "enable qdrant";
version = lib.mkOption {
type = lib.types.str;
description = "qdrant version to use";
};
uri = lib.mkOption {
type = lib.types.str;
description = "domain name to host qdrant on";
};
bootstrap = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "bootstrap name for qdrant cluster";
};
};
config = lib.mkIf config.snowflake.services.containerised.qdrant.enable {
environment.etc."qdrant/config.yaml".source = ./config.yaml;
virtualisation.oci-containers.containers.qdrant = {
autoStart = true;
image =
"docker.io/qdrant/qdrant:${config.snowflake.services.containerised.qdrant.version}";
ports = [
"6333:6333" # REST API + Web UI
# "6333:6333" # GRPC API - unused
"6335:6335" # p2p API for cluster communication
];
volumes = [
"/mnt/disk1/storage:/qdrant/storage"
"/etc/qdrant/config.yaml:/qdrant/config/config.yaml:ro"
];
cmd = [
"./qdrant"
"--uri=http://${config.snowflake.services.containerised.qdrant.uri}:6335"
] ++ lib.optional
(config.snowflake.services.containerised.qdrant.bootstrap != null)
"--bootstrap=http://${config.snowflake.services.containerised.qdrant.bootstrap}:6335";
};
};
}
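Review bot: The `ports` list publishes `6333:6333` and `6335:6335` on every host interface, and the mounted config (if `./config.yaml` is the file added alongside this module) leaves `api_key` commented out with `enable_tls: false` for both the service and `p2p`. As written, the REST API and the cluster port accept unauthenticated plaintext connections from any network that can reach the host. Container-published ports are often not filtered by the host firewall, so that should be confirmed for the backend in use. I would bind the REST port to an explicit address, e.g. `"127.0.0.1:6333:6333"` behind the reverse proxy, restrict 6335 to the peer addresses, and supply the key outside the Nix store, e.g. `environmentFiles = [ "/path/to/qdrant.env" ];` (placeholder path) carrying `QDRANT__SERVICE__API_KEY`. The comment on the disabled gRPC mapping repeats `6333:6333` and probably means a different port.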


@ -0,0 +1,39 @@
{ config, lib, ... }: {
options.snowflake.services.containerised.traefik = {
enable = lib.mkEnableOption "enable traefik";
version = lib.mkOption {
type = lib.types.str;
description = "traefik version to use";
};
ports = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "ports to expose";
};
configSource = lib.mkOption {
type = lib.types.path;
description = "traefik config";
};
environment = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "traefik config";
};
};
config = lib.mkIf config.snowflake.services.containerised.traefik.enable {
environment.etc."traefik/traefik.yml".source =
config.snowflake.services.containerised.traefik.configSource;
virtualisation.oci-containers.containers.traefik = {
autoStart = true;
image =
"docker.io/traefik:${config.snowflake.services.containerised.traefik.version}";
ports = config.snowflake.services.containerised.traefik.ports;
volumes = [
"/etc/traefik/traefik.yml:/etc/traefik/traefik.yml:ro"
"/etc/letsencrypt/:/etc/letsencrypt/"
];
environment = config.snowflake.services.containerised.traefik.environment;
};
};
}
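Review bot: The `environment` option is typed `attrsOf str` and handed directly to the container, so every value set through it ends up in the generated unit in the world-readable Nix store. If it is meant to carry provider tokens or dashboard credentials (not visible here), they should come from a file instead, for example an `environmentFiles` option forwarded to the container. Its description is also a copy of the `configSource` one; `description = "environment variables passed to the traefik container (non-secret values only)";` would say what it is. Separately, `/etc/letsencrypt/:/etc/letsencrypt/` is mounted read-write; if traefik only reads certificates issued on the host, append `:ro` so the container cannot alter private keys.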


@ -0,0 +1,13 @@
{ config, lib, ... }: {
options.snowflake.services.frp = {
enable = lib.mkEnableOption "enable frp";
};
config = lib.mkIf config.snowflake.services.frp.enable {
services.frp = {
enable = true;
role = "server";
settings = { bindPort = 7001; };
};
};
}
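Review bot: The frp server is configured with only `bindPort = 7001` and no authentication settings, so any client that can reach that port can register tunnels on this host. I would enable token authentication (`auth.method = "token"` with an `auth.token`) and provide the token from outside the Nix store, since `settings` is rendered into a store path that every local user can read. A short comment stating which firewall rule is expected to expose 7001 would also help, because this module does not open the port itself.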


@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }: {
options.snowflake.services.gotenberg = {
enable = lib.mkEnableOption "enable gotenberg";
};
config = lib.mkIf config.snowflake.services.gotenberg.enable {
# gottenberg systemctl service is failing for some reason
# running the Exec function manually works, however the service fails
# need to debug deeper
services.gotenberg = {
enable = true;
port = 3000;
chromium.package = pkgs.ungoogled-chromium;
chromium.disableJavascript = true;
libreoffice.package = pkgs.libreoffice;
logLevel = "debug";
# this doesn't work: https://github.com/NixOS/nixpkgs/issues/340447
extraArgs = [ "--chromium-allow-list=file:///tmp/.*" ];
};
environment.systemPackages = with pkgs; [ ungoogled-chromium libreoffice ];
};
}
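Review bot: The comment above `extraArgs` says the `--chromium-allow-list` flag does not take effect, which would leave Chromium inside Gotenberg free to fetch any URL referenced by a submitted document. Since the service has no authentication of its own, it is worth confirming that it listens on loopback only and stating that in a comment, e.g. `# reachable from localhost only; allow-list not enforced until nixpkgs#340447 is fixed`. `logLevel = "debug"` also looks like a leftover from the troubleshooting described at the top of the block and should go back to `"info"` once the unit starts, because debug logs can include request details.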


@ -0,0 +1,43 @@
{ config, lib, ... }: {
options.snowflake.services.nginx = {
enable = lib.mkEnableOption "enable nginx";
acmeEmail = lib.mkOption {
type = lib.types.str;
description = "email address ACME for nginx";
};
clientMaxBodySize = lib.mkOption {
type = lib.types.str;
default = "10m";
};
};
config = lib.mkIf config.snowflake.services.nginx.enable {
security.acme.defaults.email = config.snowflake.services.nginx.acmeEmail;
security.acme.acceptTerms = true;
security.dhparams = {
enable = true;
params.nginx = { };
};
services.nginx = {
enable = true;
clientMaxBodySize = config.snowflake.services.nginx.clientMaxBodySize;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedTlsSettings = true;
sslDhparam = config.security.dhparams.params.nginx.path;
# Disable default_server access and return HTTP 444.
appendHttpConfig = ''
server {
listen 80 default_server;
listen 443 ssl default_server;
ssl_reject_handshake on;
return 444;
}
'';
};
};
}
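Review bot: The catch-all server in `appendHttpConfig` listens only on IPv4 (`listen 80 default_server;` and `listen 443 ssl default_server;`). If the virtual hosts also listen on `[::]`, as the NixOS module does when IPv6 is enabled, requests for unknown names arriving over IPv6 still reach the first real vhost. Adding `listen [::]:80 default_server;` and `listen [::]:443 ssl default_server;` closes that gap. `clientMaxBodySize` has no `description`; something like `description = "maximum request body size accepted by nginx (nginx size syntax, e.g. 10m)";` would document it.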


@ -0,0 +1,73 @@
{ config, pkgs, lib, ... }: {
options.snowflake.services.openvpn.enable =
lib.mkEnableOption "enable openvpn";
config = let
# generate via `openvpn --genkey secret openvpn-laptop.key`
client-key = "/root/openvpn-laptop.key";
domain = "nixvpn.codingcoffee.me";
vpn-dev = "tun0";
port = 443;
in lib.mkIf config.snowflake.services.openvpn.enable {
# sudo systemctl start nat
networking.nat = {
enable = true;
externalInterface = lib.mkDefault "enp1s0";
internalInterfaces = [ vpn-dev ];
};
networking.firewall.trustedInterfaces = [ vpn-dev ];
# networking.firewall.allowedUDPPorts = [ port ];
networking.firewall.allowedTCPPorts = [ port ];
environment.systemPackages = [ pkgs.openvpn ]; # for key generation
services.openvpn.servers.smartphone.config = ''
dev ${vpn-dev}
proto tcp-server
ifconfig 10.8.0.1 10.8.0.2
secret ${client-key}
port ${toString port}
cipher AES-256-CBC
auth-nocache
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
'';
environment.etc."openvpn/smartphone-client.ovpn" = {
text = ''
dev tun
proto tcp-client
remote "${domain}"
ifconfig 10.8.0.2 10.8.0.1
port ${toString port}
redirect-gateway def1
cipher AES-256-CBC
auth-nocache
comp-lzo
keepalive 10 60
resolv-retry infinite
nobind
persist-key
persist-tun
secret [inline]
'';
mode = "600";
};
system.activationScripts.openvpn-addkey = ''
f="/etc/openvpn/smartphone-client.ovpn"
if ! grep -q '<secret>' $f; then
echo "appending secret key"
echo "<secret>" >> $f
cat ${client-key} >> $f
echo "</secret>" >> $f
fi
'';
};
}
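Review bot: Both generated configs use static-key mode (`secret ${client-key}` / `secret [inline]`) together with `comp-lzo` and `cipher AES-256-CBC`. A single long-lived shared key gives no forward secrecy, so anyone who obtains the client profile can decrypt previously captured traffic. Compression inside the tunnel is deprecated upstream because it leaks information about plaintext. I would delete the `comp-lzo` line from both configs now and plan a move to certificate/TLS mode with `tls-crypt` and an AEAD cipher, since newer OpenVPN releases deprecate static-key mode. In the activation script, `$f` should be quoted, and the script should declare that it runs after the `etc` activation step so the key is not appended to a file that is about to be replaced.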


@ -0,0 +1,55 @@
{ config, lib, ... }: {
options.snowflake.services.paperless = {
enable = lib.mkEnableOption "enable paperless";
domain = lib.mkOption {
type = lib.types.str;
description = "domain name to host paperless on";
};
};
config = lib.mkIf config.snowflake.services.paperless.enable {
services.paperless = {
enable = true;
user = "paperless";
port = 28981;
dataDir = "/var/lib/paperless";
address = "localhost";
passwordFile = "/root/paperless-password";
settings = {
PAPERLESS_CONSUMER_IGNORE_PATTERN = [ ".DS_STORE/*" "desktop.ini" ];
PAPERLESS_OCR_USER_ARGS = {
optimize = 1;
pdfa_image_compression = "lossless";
};
PAPERLESS_OCR_LANGUAGE = "eng+fra+nld+ita+spa+cat";
PAPERLESS_URL = config.snowflake.services.paperless.domain;
PAPERLESS_ADMIN_USER = "admin";
# cannot use PAPERLESS_ADMIN_PASSWORD: https://github.com/NixOS/nixpkgs/issues/249767
# PAPERLESS_ADMIN_PASSWORD = "UWi303OcNd6Au7HlnFpf3D33aROuT1";
PAPERLESS_FILENAME_FORMAT = "{created_year}/{document_type}/{title}";
# config to enable tika + gotenberg, but is blocked on getting gotenberg
# to function
# PAPERLESS_TIKA_ENABLED = true;
# PAPERLESS_TIKA_ENDPOINT = "http://localhost:9998";
# PAPERLESS_TIKA_GOTENBERG_ENDPOINT = "http://localhost:3000";
};
};
services.nginx.virtualHosts."${config.snowflake.services.paperless.domain}" =
{
serverName = config.snowflake.services.paperless.domain;
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass =
"http://127.0.0.1:${toString config.services.paperless.port}/";
proxyWebsockets = true;
};
};
};
}
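Review bot: The commented-out `PAPERLESS_ADMIN_PASSWORD` line keeps a literal password in the repository history. Commenting it out does not make it private: if that value was ever used, or matches the content of `/root/paperless-password`, it should be rotated, and the line replaced by `# admin password is read from passwordFile`. Separately, `PAPERLESS_URL` is set to the bare `domain` option; Paperless expects a full URL including the scheme for its allowed-hosts and CSRF settings, so `PAPERLESS_URL = "https://${config.snowflake.services.paperless.domain}";` is likely what is intended.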


@ -0,0 +1,12 @@
{ config, lib, ... }: {
options.snowflake.services.postgresql = {
enable = lib.mkEnableOption "enable postgresql";
};
config = lib.mkIf config.snowflake.services.postgresql.enable {
services.postgresql = {
enable = true;
settings = { port = 5432; };
};
};
}


@ -0,0 +1,28 @@
{ config, lib, ... }: {
options.snowflake.services.redis = {
enable = lib.mkEnableOption "Enable redis configuration";
servers = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
options = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "whether to enable this particular redis server.";
};
port = lib.mkOption {
type = lib.types.port;
description = "port number to host this redis on.";
};
};
});
};
};
config = lib.mkIf config.snowflake.services.redis.enable {
services.redis.servers = lib.mapAttrs (redisname: redisCfg: {
enable = redisCfg.enable;
port = redisCfg.port;
}) config.snowflake.services.redis.servers;
};
}
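Review bot: The `servers` option has no `description`, and the wrapper forwards only `enable` and `port`, so bind address and authentication stay at the upstream module defaults. A description such as `description = "redis instances keyed by name; each listens on the upstream default bind address without a password";` would make that explicit (confirm the defaults against the nixpkgs module). The `redisname` argument of the `mapAttrs` lambda is unused and could be `_`.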


@ -0,0 +1,38 @@
{ config, lib, ... }: {
options.snowflake.services.restic = {
enable = lib.mkEnableOption "enable restic";
name = lib.mkOption {
type = lib.types.str;
description = "name to backup under, preferably use hostname";
};
};
config = lib.mkIf config.snowflake.services.restic.enable {
# TODO: potentially use a security wrapper on the restic binay, instead of
# running it as root
services.restic.backups = {
kryo = {
user = "root";
repository =
"sftp:cc@kryo.v2.n1.codingcoffee.me:/home/cc/${config.snowflake.services.restic.name}-backup";
initialize =
true; # initializes the repo, don't set if you want manual control
timerConfig = {
# backup daily
OnCalendar = "daily";
# to take care of backup if system was turned off during designated
# backup time
Persistent = true;
};
passwordFile = "/home/cc/.dotfiles/nix/conf/restic/password";
extraBackupArgs = [
# "--dry-run"
"--exclude-file=/home/cc/.dotfiles/autorestic/.autoresticignore"
];
pruneOpts = [ "--keep-last 10" ];
paths = [ "/home/cc" ];
};
};
};
}
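Review bot: `passwordFile` and the `--exclude-file` argument both point into `/home/cc/.dotfiles/...`, while the job itself runs as `root`. That path looks like a checked-out dotfiles repository, so the repository password is one `git add` away from being committed, and an unprivileged user controls inputs to a root job. Keeping the secret in a root-owned location with mode 0400, as the other modules do with their `/root/...` files, e.g. `passwordFile = "/root/restic-password";` (example path), avoids both problems. The backup name `kryo` and the SFTP target are hard-coded, while only the directory suffix comes from the `name` option; a comment saying so would prevent confusion when a second target is added.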


@ -0,0 +1,49 @@
{ config, lib, ... }: {
options.snowflake.services.syncthing = {
enable = lib.mkEnableOption "enable garbage collection";
password = lib.mkOption { type = lib.types.str; };
user = lib.mkOption { type = lib.types.str; };
dataDir = lib.mkOption { type = lib.types.str; };
configDir = lib.mkOption { type = lib.types.str; };
};
config = lib.mkIf config.snowflake.services.syncthing.enable {
services = {
syncthing = {
enable = true;
user = config.snowflake.services.syncthing.user;
dataDir = config.snowflake.services.syncthing.dataDir;
configDir = config.snowflake.services.syncthing.configDir;
overrideDevices =
false; # overrides any devices added or deleted through the WebUI
overrideFolders =
false; # overrides any folders added or deleted through the WebUI
settings = {
options = {
urAccepted = -1; # prevent reporting anonymous usage analytics
};
gui = {
user = config.snowflake.services.syncthing.user;
password = config.snowflake.services.syncthing.password;
};
# unable to get the devices and folders bit working concistently.
# hence choosing to not do it manually for now
# reproducibility is the core issue, syncthing after every load asks if it can add the new device
# and it doesn't even request a sync of the folder
# devices = {
# "Kryo" = {
# id = "7EDU5MA-M3FEL4F-QWA35PH-MMW2KAL-6GS5CSH-2P7EIW0-4ZQNL37-I5F7CAM";
# };
# };
# folders = {
# "pkb-personal" = { # Name of folder in Syncthing, also the folder ID
# id = "kj6tu-lfx9f";
# path = "/home/cc/.pkb/personal"; # Which folder to add to Syncthing
# devices = [ "Kryo" ]; # Which devices to share the folder with
# };
# };
};
};
};
};
}
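Review bot: The `password` option is a plain `types.str` that is copied into `settings.gui.password`, so the Syncthing GUI password is written in clear text to the world-readable Nix store and to whichever host file sets it. Syncthing stores this field as a bcrypt hash and, as far as I know, accepts an already-hashed value, so the option could be documented as `description = "bcrypt hash of the GUI password, never the plain password";`, or the password could be set out of band. None of the four value options has a description. The enable text is copied from another module; it should read `lib.mkEnableOption "enable syncthing"`.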


@ -0,0 +1,14 @@
{ config, lib, ... }: {
options.snowflake.services.tika = {
enable = lib.mkEnableOption "enable tika";
};
config = lib.mkIf config.snowflake.services.tika.enable {
services.tika = {
enable = true;
listenAddress = "127.0.0.1";
port = 9998;
enableOcr = true;
};
};
}


@ -0,0 +1,64 @@
{ config, lib, ... }: {
options.snowflake.user = {
enable = lib.mkEnableOption "Enable user configuration";
users = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
options = {
isNormalUser = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether the user is a normal user.";
};
shell = lib.mkOption {
type = lib.types.package;
description = "the shell package for the user.";
};
description = lib.mkOption {
type = lib.types.str;
description = "full name for the user.";
};
extraGroups = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "system groups to add this user to.";
};
initialHashedPassword = lib.mkOption {
type = lib.types.str;
description =
"hashed password for the user, can be generated using `mkpasswd -m bcrypt -R 10`";
};
authorizedKeys = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "SSH authorized keys for the user.";
};
};
});
};
};
config = lib.mkIf config.snowflake.user.enable {
# make users immutable
users.mutableUsers = false;
# Configure the user account.
# NOTE: hashedPasswordFile has an issue. If the auth method is changed from `hashedPassword`
# to `hashedPasswordFile`, /etc/shadow gets messed up and login does not work. To fix this
# we need to remove all the users' entries from /etc/shadow and run nixos-rebuild. Seems to be
# a one-time thing.
# ref: https://github.com/NixOS/nixpkgs/issues/99433
users.users = lib.mapAttrs (username: userCfg: {
isNormalUser = userCfg.isNormalUser;
shell = userCfg.shell;
description = userCfg.description;
extraGroups = userCfg.extraGroups;
initialHashedPassword = userCfg.initialHashedPassword;
openssh.authorizedKeys.keys = userCfg.authorizedKeys;
}) config.snowflake.user.users;
};
}
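Review bot: The description of `initialHashedPassword` recommends `mkpasswd -m bcrypt -R 10`, and the resulting hash is embedded in the system closure, where every local user can read it from the Nix store. With a cost of 10 that hash is cheap to test offline, so I would recommend a stronger scheme in the text, e.g. `"hashed password for the user, generate with `mkpasswd -m yescrypt`"`. The option is also mandatory, which forces a password onto accounts that only need `authorizedKeys`. Making it `lib.types.nullOr lib.types.str` with `default = null` would allow key-only users. The NOTE comment already explains why `hashedPasswordFile` is not used, and it is worth keeping.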


@ -0,0 +1,24 @@
{ config, lib, ... }: {
options.snowflake.virtualisation.docker = {
enable = lib.mkEnableOption "enable docker daemon";
extraOptions = lib.mkOption {
type = lib.types.str;
default = "";
description = "extra options to pass to docker compose";
};
# Notes: You can use the following command to use GPU inside docker container
# docker run -it --rm --device nvidia.com/gpu=all ubuntu nvidia-smi
enableNvidia = lib.mkEnableOption "enable nvidia with docker";
};
config = lib.mkIf config.snowflake.virtualisation.docker.enable {
hardware.nvidia-container-toolkit.enable =
config.snowflake.virtualisation.docker.enableNvidia;
virtualisation = {
docker = {
enable = true;
extraOptions = config.snowflake.virtualisation.docker.extraOptions;
};
};
};
}
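Review bot: The `extraOptions` description says the value is passed to "docker compose", but it is assigned to `virtualisation.docker.extraOptions`, which goes to the Docker daemon command line. `description = "extra command-line options passed to the docker daemon";` matches what the code does. It also makes clear that daemon-level switches set here, such as listening sockets, change the host's exposure.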


@ -0,0 +1,37 @@
{ config, lib, pkgs, ... }: {
options.snowflake.virtualisation.kvm.enable =
lib.mkEnableOption "enable kvm vms";
options.snowflake.virtualisation.kvm.ovmf.enable =
lib.mkEnableOption "enable ovmf module for vms";
config = lib.mkIf config.snowflake.virtualisation.kvm.enable {
# to enable nested virtualization
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_msrs=1
'';
virtualisation = {
libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_kvm;
runAsRoot = true;
swtpm.enable = true;
ovmf = lib.mkIf config.snowflake.virtualisation.kvm.ovmf.enable {
enable = true;
packages = [
(pkgs.OVMF.override {
secureBoot = true;
tpmSupport = true;
}).fd
];
};
};
};
};
programs.virt-manager.enable = true;
};
}
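Review bot: `qemu.runAsRoot = true` makes every guest's QEMU process run as root, so a flaw in device emulation would hand a guest root on the host rather than an unprivileged account. Unless a specific guest needs it (none is visible here), `runAsRoot = false;` is the safer setting. The modprobe block is commented only as "to enable nested virtualization" but also sets `kvm ignore_msrs=1`, which silently ignores guest accesses to unhandled MSRs. A comment such as `# ignore_msrs=1: needed for <guest type>; hides unhandled MSR accesses` would record why it is there. The `kvm_intel` options have no effect on AMD hosts.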


@ -0,0 +1,28 @@
{ config, lib, pkgs, ... }: {
options.snowflake.workstation = {
enable = lib.mkEnableOption "enable workstation mode";
isDevMachine = lib.mkEnableOption "packages for coding development";
isOfficeMachine = lib.mkEnableOption "packages for doc processing";
isGamingMachine = lib.mkEnableOption "packages for gaming";
};
config = lib.mkIf config.snowflake.workstation.enable {
programs.zsh.enable = true;
# base packages required everywhere
environment = {
shells = with pkgs; [ bash zsh fish ];
systemPackages = with pkgs; [
# text editor
nano # fallback in case neovim fails
emacs # for orgmode
];
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
pinentryPackage = pkgs.pinentry-curses;
};
};
}


@ -0,0 +1,132 @@
{ config, lib, pkgs, ... }: {
options.snowflake.workstation.desktop = {
enable = lib.mkEnableOption "enable gnome desktop";
autoLoginUser = lib.mkOption {
type = lib.types.str;
description = "user to autostart gnome with";
};
};
config = lib.mkIf config.snowflake.workstation.desktop.enable {
# base packages required everywhere
environment = {
systemPackages = with pkgs; [
# video player
mpv
# ani-skip # to skip anime intros # doesn't work, hence removing
# file sharing
localsend
# libraries
x265 # HEVC support for firefox / mpv
];
gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
gedit # text editor
cheese # webcam tool
gnome-terminal
epiphany # web browser
geary # email reader
totem # video player
gnome-calendar
gnome-music
gnome-characters
tali # poker game
iagno # go game
hitori # sudoku game
atomix # puzzle game
]);
};
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
# prevent sleeping on lid close
services.displayManager.autoLogin.enable = true;
services.displayManager.autoLogin.user =
config.snowflake.workstation.desktop.autoLoginUser;
# tap to click across app using libinput
services.libinput.enable = true;
services.libinput.touchpad.tapping = true;
# workaround for autologin - https://nixos.wiki/wiki/GNOME#automatic%20login
systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false;
# Configure keymap in X11
services.xserver = {
xkb.layout = "us";
# swap Escape key with CapsLock (requires reboot, since done at system
# level), but this will not apply at user level in gnome since that is
# taken care of by gnome
# will only work in gdm right now as of writing this
xkb.options = "caps:swapescape";
xkb.variant = "";
};
fonts.packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
# fira-code
fira-code-symbols
# jetbrains-mono # font for neovim
(nerdfonts.override { fonts = [ "FiraCode" "Iosevka" "JetBrainsMono" ]; })
];
# Enable Bluetooth
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
};
# mouse configurator
services.ratbagd.enable = true;
# higher openssh security
services.openssh = {
settings.PermitRootLogin = "no";
};
# Allow unfree packages
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
# sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
};
programs.dconf.enable = true;
# Enable OpenGL
hardware.graphics = {
enable = true;
enable32Bit = true;
};
services.fwupd.enable = true;
};
}
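Review bot: The block commented `# higher openssh security` only sets `PermitRootLogin = "no"`, so password logins stay at the module default even though the user module in this commit provisions SSH keys. Adding `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` would make the comment accurate. The comment `# prevent sleeping on lid close` sits above the two `autoLogin` lines and describes something else. It should say `# log the configured user into GNOME at boot without a password prompt`, which also makes the physical-access trade-off visible to whoever enables this on a laptop. `# Allow unfree packages` likewise precedes `hardware.enableAllFirmware` and belongs one line lower.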


@ -0,0 +1,79 @@
{ lib, config, pkgs, ... }: {
config = lib.mkIf config.snowflake.workstation.isDevMachine {
environment = {
systemPackages = with pkgs; [
## music
spotify
## flipper zero
qFlipper
## terminals
alacritty
kitty # fallback for wezterm
## messenger
telegram-desktop
## gnome
gnome-tweaks
dconf-editor
gnome-power-manager # for battery power stats
gnomeExtensions.forge
gnomeExtensions.just-perfection
gnomeExtensions.gsconnect
gnomeExtensions.launch-new-instance
gnomeExtensions.auto-move-windows
gnomeExtensions.bluetooth-battery
gnomeExtensions.net-speed-simplified
gnomeExtensions.gnome-bedtime # for grayscale screen
gnomeExtensions.caffeine # to prevent laptop from screen off temporarily
libnotify
## system libs
libGL # used while developing GUI apps for libgl1.so
xorg.xhost # to grant apps permission to use X display
# x11docker # to help run GUI apps from within docker. DO NOT USE. Sucks!
## audio
pavucontrol # fine grained control over what audio plays where
playerctl # cli version of pavucontrol of sorts, for use with scripts
sox
# easyeffects # uses deepfilternet, which is broken, hence removing this Ref: https://github.com/NixOS/nixpkgs/issues/335551
# rnnoise-plugin # bad experience, and battery drain
## anime
ani-cli # waiting for this PR to land in unstable -> https://nixpk.gs/pr-tracker.html?pr=337503
## design
# figma-linux # removing since its very laggy. firefox experience is much better
## kubernetes
seabird
## mouse
piper # gtk tool to configure logitech g502 mouse
## bluetooth
# bluez
# blueman
## api tooling
postman
## mongo dashboard
mongodb-compass
## redis tooling
# redisinsight
## automation
audio-recorder # downloaded for speech to text audio recording
xdotool # fake keyboard/mouse input, window management, and more
## color
eyedropper
];
};
};
}


@ -0,0 +1,12 @@
{ lib, config, pkgs, ... }: {
config = lib.mkIf config.snowflake.workstation.isGamingMachine {
environment = {
systemPackages = with pkgs; [
# gaming
bottles # wrapper over wine to wun Windows software and games on Linux
heroic # games launcher for GOG, Amazon and Epic Games
mangohud # Vulkan and OpenGL overlay for monitoring FPS, temperatures, CPU/GPU load and more during gaming
];
};
};
}


@ -0,0 +1,17 @@
{ lib, config, pkgs, ... }: {
config = lib.mkIf config.snowflake.workstation.isOfficeMachine {
environment = {
systemPackages = with pkgs; [
# office suite
# TODO: use onlyoffice-desktopeditors, but its not working since for some reason its taking 24.04 version instead of nixos-unstable from nixpkgs. check why
onlyoffice-bin_latest
# libreoffice
libreoffice
hunspell
hunspellDicts.uk_UA
hunspellDicts.th_TH
];
};
};
}


@ -0,0 +1,153 @@
{ lib, config, pkgs, ... }: {
config = lib.mkIf config.snowflake.workstation.isDevMachine {
environment = {
systemPackages = with pkgs; [
## system libs
gnumake # for Makefile executions
## terminal tools
dnsutils
git
zip
sshfs
glxinfo
lshw
stow
wl-clipboard
bc # basic calculator
htmlq # html parser like jq
litecli # for exploring sql databases in the cli
moreutils # for sponge to allow inplace editing using jq
xorg.xev
wev
unzip
arp-scan # for finding devices on network
## cli enhancers
ripgrep # grep in rust
eza # ls alternative
zoxide # cd alternative
difftastic # syntactic diff
## terminal multiplexer
tmux
tmuxinator # pre determined layout maker for tmux
## battery
powertop
## video player
yt-dlp # for mpv_quick
# # disabling streamlink because of build failure
# streamlink # cli for streaming from youtube or google drive
## torrent
# nodePackages.webtorrent-cli # commenting out, waiting on this issue: https://github.com/NixOS/nixpkgs/issues/321300
# qbittorrent # torrent
## kubernetes
kubectl
k9s
kubernetes-helm
cmctl # cert manager cli tool for k8s
kubelogin # for azure kubernetes login
atuin # shell history in sqlite
pinentry-curses # choosing this since it is the default package - https://search.nixos.org/options?channel=unstable&show=programs.gnupg.agent.pinentryPackage&from=0&size=50&sort=relevance&type=packages&query=programs.gnupg.agent.pinentryPackage
## neovim deps
tree-sitter # for parser
gcc # for neovim
fzf # terminal reverse search + nvim-telescope
fd # nvim-telescope
black # code formatter for python in neovim
isort # code formatter for python in neovim
nixpkgs-review # fore reviewing PRs
pyright # lsp server for python in neovim
nodePackages.prettier # code formatter for js/ts in neovim
pgformatter # code formatter for sql in neovim
jq # code formatter for json in neovim
lua-language-server # lsp for lua in neovim
stylua # code formatter for lua in neovim
nodePackages.fixjson # code formatter for json in neovim
shellcheck
shellharden
shfmt
ruff # code formatter for python in neovim
nodePackages.bash-language-server
vscode-langservers-extracted # lsp for markdown in neovim
dockerfile-language-server-nodejs # for dockerfiles
nodePackages.typescript-language-server # lsp for typescript in neovim
emmet-ls # lsp for tsx files in neovim
terraform-ls # lsp for terraform files in neovim
pciutils # for lspci
# rubocop # code formatter for ruby
## nix tools
nixd
nix-index
nixpkgs-fmt
nixfmt-classic
nvd # Nix/NixOS package version diff tool
## docker
# dive # to analyze container images # never used
## backups
restic
## work
# azure-cli # breaking because of some nacl modulenotfound error
azure-storage-azcopy # to create and push vhd image to azure
## emacs
ispell # dictionary for doom emacs
graphviz # for org-roam in doom emacs
sqlite # for lookup in doom emacs
## android
android-tools
## speech to text
ffmpeg
# openai-whisper # won't work with GPU because of mismatching version
# openai-whisper-cpp
## try out other OSes
# distrobox # useless, not using
## vpn tools
wireguard-tools
openvpn
## kvm
# libguestfs
# p7zip
# dmg2img
# tesseract
# cdrkit
# libvirt-glib
# red teaming
# mitmproxy # use in docker container
## marshal - ads
# oauth2l # interfacing with Google API
## devops
# terraformer # use in docker container
## bitwardel cli for secrets
bitwarden-cli
## cli
apacheHttpd # for htpasswd
aichat # for chatgpt in terminal
## removing as unable to use, will add back when can use it
# deepfilternet # for noise supressions
];
};
};
}


@ -0,0 +1,72 @@
{ config, lib, ... }:
let
mkWifiProfile = { type, ssid, username, password, priority ? null }: {
connection = {
id = ssid;
permissions = "";
type = "wifi";
} // (if priority != null then {
autoconnect-priority = priority;
} else
{ });
wifi = {
mac-address-blacklist = "";
mode = "infrastructure";
inherit ssid;
};
wifi-security = { } // (if type == "wpa-psk" then {
key-mgmt = type;
auth-alg = "open";
psk = password;
} else if type == "wpa-eap" then {
key-mgmt = type;
} else
{ });
"802-1x" = { } // (if type == "wpa-eap" then {
eap = "peap";
identity = username;
password = password;
phase2-auth = "mschapv2";
} else
{ });
ipv4 = {
dns-search = "";
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
dns-search = "";
method = "auto";
};
};
# List of WiFi networks
wifiNetworks = [
# Add more networks here as needed
{
type = "wpa-psk";
ssid = "SAMPLE_WIFI_NAME";
password = "SAMPLE_WIFI_PASSWORD";
priority = 20;
}
];
in {
options.snowflake.workstation.networking.profiles.enable =
lib.mkEnableOption "populate WiFi creds";
config = lib.mkIf config.snowflake.workstation.networking.profiles.enable {
networking.networkmanager.ensureProfiles.profiles = builtins.listToAttrs
(map (network: {
name = network.ssid;
value = mkWifiProfile {
type = network.type;
ssid = network.ssid;
username = network.username or null;
password = network.password;
priority = network.priority or null;
};
}) wifiNetworks);
};
}
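Review bot: The PSK and the 802.1X password in `wifiNetworks` are plain Nix strings, so once real values replace the sample entry they are committed to the repository and rendered into the world-readable Nix store through `ensureProfiles.profiles`. `networking.networkmanager.ensureProfiles.environmentFiles` exists for this: keep `psk = "$WIFI_PSK";` in the profile (variable name constructed here) and point `environmentFiles` at a root-only file outside the store. The `wpa-eap` branch also sets no `ca-cert` or `domain-suffix-match` in `"802-1x"`, so the PEAP server certificate is not pinned before the MSCHAPv2 exchange; add one of them, or a comment saying why it is omitted.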


@ -0,0 +1,11 @@
_: _self: super: {
mpv = super.mpv.override {
scripts = [
super.mpvScripts.mpris # to play pause mpv with system keys
super.mpvScripts.uosc # required for thumbfast
super.mpvScripts.thumbfast # to show thumbnails on hover
super.mpvScripts.sponsorblock-minimal # to skip sponsor section while playing youtube links
super.mpvScripts.webtorrent-mpv-hook # to stream torrents
];
};
}


@ -0,0 +1,104 @@
{
# An instance of `pkgs` with your overlays and packages applied is also available.
pkgs, inputs, ... }: {
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t480
];
# basic setup
time.timeZone = "Asia/Kolkata";
networking = {
hostName = "apollo";
firewall = {
enable = true;
allowedTCPPorts = [
53317 # localsend
];
allowedUDPPorts = [
53317 # localsend
];
allowedTCPPortRanges = [
# KDE Connect
{
from = 1714;
to = 1764;
}
];
};
};
snowflake = {
locale = "en_US.UTF-8";
# Bhur@108
extraPackages = with pkgs; [ firefox ungoogled-chromium ];
core = {
openssh.enable = true;
latestKernel = true;
gc = true;
};
networking = {
networkmanager = { enable = true; };
netbird = { enable = true; };
};
hardware = {
isEfi = true;
xbootldrMountPoint = "/boot";
efiSysMountPoint = "/efi";
diskDevice = "/dev/nvme0n1";
isInitrdLuksUnlockingEnabled = true;
};
workstation = {
enable = true;
desktop = {
enable = true;
autoLoginUser = "girish";
};
isOfficeMachine = true;
networking.profiles.enable = true;
};
user = {
enable = true;
users = {
girish = {
isNormalUser = true;
shell = pkgs.bash;
description = "Girish Shenoy";
extraGroups = [
"audio"
"networkmanager" # for modifying WiFi without sudo
"input"
];
initialHashedPassword =
"$2b$10$2WDIg5cJVcAUhUNLdDOC2.jgh81Xdgbj.mtrdVDs/3qWSk/LlSPYC";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C eden-thinkpad-zephyrus-cell"
];
};
cc = {
isNormalUser = true;
shell = pkgs.bash;
description = "Ameya Shenoy";
extraGroups = [
"wheel" # for sudo access
"audio"
"networkmanager" # for modifying WiFi without sudo
"input"
];
initialHashedPassword =
"$y$j9T$cfmQcJ67WPKPEhsIbH2aC.$m8bDYq5dZrfx8NdU57jKbRc1nFuSB7iKdnAka6/u9R0";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C eden-thinkpad-zephyrus-cell"
];
};
};
};
};
system.stateVersion = "24.05";
}
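Review bot: The bare comment directly above `extraPackages` reads like a password rather than documentation; if it is a real credential it should be deleted and rotated, because it is now part of the initial commit's history. The two `initialHashedPassword` values are also committed in clear, and the `cc` hash is repeated verbatim in the hashirama and predator host files, so one successful offline guess against the published hash covers a `wheel` account on all three machines. `girish` uses a `$2b$10$` bcrypt hash while `cc` uses yescrypt, and `girish` is also the `autoLoginUser`. If the `snowflake.user` module (not shown in this section) can pass through `hashedPasswordFile`, prefer that with a per-host file kept out of the repository.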


@ -0,0 +1,139 @@
{ ... }: {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
priority = 1;
};
efi = {
name = "EFI";
size = "512M";
type = "EF00";
priority = 2;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi";
mountOptions = [ "fmask=0137" "dmask=0027" ];
};
};
xbootldr = {
name = "XBOOTLDR";
size = "512M";
type = "EA00";
priority = 3;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
# encryptedSwap = {
# size = "34G";
# content = {
# type = "swap";
# randomEncryption = true;
# priority = 100; # prefer to encrypt as long as we have space for it
# };
# };
cryptswap = {
size = "34G";
label = "luksswap";
priority = 4;
content = {
type = "luks";
name = "cryptswap";
settings = { allowDiscards = true; };
content = {
type = "swap";
randomEncryption = true;
};
};
};
cryptroot = {
size = "100%";
label = "luksroot";
priority = 5;
content = {
type = "luks";
name = "cryptroot";
# passwordFile = "/tmp/secret.key"; # Interactive; you can use this directive to automate the process. Populate using: `echo "password" >/tmp/secret.key` on the remote machine
settings = { allowDiscards = true; };
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@home"
];
};
"@log" = {
mountpoint = "/var/log";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@log"
];
};
"@docker" = {
mountpoint = "/var/lib/docker";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@docker"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@nix"
];
};
};
};
};
};
};
};
};
};
};
}
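Review bot: The `xbootldr` partition is mounted at `/boot` with `mountOptions = [ "defaults" ]`, while the `efi` partition right above it restricts access with `fmask=0137` and `dmask=0027`; on vfat the default masks leave every file readable by all local users. `/boot` is where kernels and initrds are written, and the host files on this page set `isInitrdLuksUnlockingEnabled = true`, so any key material that module places in the initrd (not visible here) would be readable by unprivileged users. Use the same masks on both, `mountOptions = [ "fmask=0137" "dmask=0027" ];`. The same `defaults` mount appears in the hashirama and predator disko sections. In `cryptswap`, `randomEncryption = true` inside an already LUKS-encrypted container looks redundant and should be confirmed as intended.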


@ -0,0 +1,367 @@
{
"nodes": {
"darwin-nixpkgs": {
"locked": {
"lastModified": 1729850857,
"narHash": "sha256-WvLXzNNnnw+qpFOmgaM3JUlNEH+T4s22b5i2oyyCpXE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "41dea55321e5a999b17033296ac05fe8a8b5a257",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729712798,
"narHash": "sha256-a+Aakkb+amHw4biOZ0iMo8xYl37uUL48YEXIC5PYJ/8=",
"owner": "nix-community",
"repo": "disko",
"rev": "09a776702b004fdf9c41a024e1299d575ee18a7d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"freetype2": {
"flake": false,
"locked": {
"lastModified": 1687587065,
"narHash": "sha256-+Fh+/k+NWL5Ow9sDLtp8Cv/8rLNA1oByQQCIQS/bysY=",
"owner": "wez",
"repo": "freetype2",
"rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
"type": "github"
},
"original": {
"owner": "wez",
"repo": "freetype2",
"rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
"type": "github"
}
},
"harfbuzz": {
"flake": false,
"locked": {
"lastModified": 1711722720,
"narHash": "sha256-GdxcAPx5QyniSHPAN1ih28AD9JLUPR0ItqW9JEsl3pU=",
"owner": "harfbuzz",
"repo": "harfbuzz",
"rev": "63973005bc07aba599b47fdd4cf788647b601ccd",
"type": "github"
},
"original": {
"owner": "harfbuzz",
"ref": "8.4.0",
"repo": "harfbuzz",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729894599,
"narHash": "sha256-nL9nzNE5/re/P+zOv7NX6bRm5e+DeS1HIufQUJ01w20=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "93435d27d250fa986bfec6b2ff263161ff8288cb",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "home-manager",
"type": "github"
}
},
"libpng": {
"flake": false,
"locked": {
"lastModified": 1549245649,
"narHash": "sha256-1+cRp0Ungme/OGfc9kGJbklYIWAFxk8Il1M+NV4KSgw=",
"owner": "glennrp",
"repo": "libpng",
"rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
"type": "github"
},
"original": {
"owner": "glennrp",
"repo": "libpng",
"rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"darwin-nixpkgs"
]
},
"locked": {
"lastModified": 1729826725,
"narHash": "sha256-w3WNlYxqWYsuzm/jgFPyhncduoDNjot28aC8j39TW0U=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "7840909b00fbd5a183008a6eb251ea307fe4a76e",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1729742320,
"narHash": "sha256-u3Of8xRkN//me8PU+RucKA59/6RNy4B2jcGAF36P4jI=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1729665710,
"narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"darwin-nixpkgs": "darwin-nixpkgs",
"disko": "disko",
"home-manager": "home-manager",
"nix-darwin": "nix-darwin",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"snowfall-lib": "snowfall-lib",
"wezterm": "wezterm"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"wezterm",
"nixpkgs"
]
},
"locked": {
"lastModified": 1726280639,
"narHash": "sha256-YfLRPlFZWrT2oRLNAoqf7G3+NnUTDdlIJk6tmBU7kXM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "e9f8641c92f26fd1e076e705edb12147c384171d",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1719005984,
"narHash": "sha256-mpFl3Jv4fKnn+5znYXG6SsBjfXHJdRG5FEqNSPx0GLA=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "c6238c83de101729c5de3a29586ba166a9a65622",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "lib",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"wezterm": {
"inputs": {
"flake-utils": "flake-utils_2",
"freetype2": "freetype2",
"harfbuzz": "harfbuzz",
"libpng": "libpng",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay",
"zlib": "zlib"
},
"locked": {
"dir": "nix",
"lastModified": 1729006311,
"narHash": "sha256-1xtKJHu6CFnOhp4snof+WSTwcdPgwIaD6mBODP/cv3w=",
"owner": "wez",
"repo": "wezterm",
"rev": "9ddca7bde92090792dbcdc65c1e9897c362196d7",
"type": "github"
},
"original": {
"dir": "nix",
"owner": "wez",
"repo": "wezterm",
"type": "github"
}
},
"zlib": {
"flake": false,
"locked": {
"lastModified": 1484501380,
"narHash": "sha256-j5b6aki1ztrzfCqu8y729sPar8GpyQWIrajdzpJC+ww=",
"owner": "madler",
"repo": "zlib",
"rev": "cacf7f1d4e3d44d871b605da3b647f07d718623f",
"type": "github"
},
"original": {
"owner": "madler",
"ref": "v1.2.11",
"repo": "zlib",
"type": "github"
}
}
},
"root": "root",
"version": 7
}


@ -0,0 +1,30 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, inputs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./disko-config.nix
inputs.disko.nixosModules.disko
];
boot.initrd.availableKernelModules =
[ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,80 @@
{ modulesPath, pkgs, inputs, ... }: {
imports = [ # Include the results of the hardware scan.
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./disko-config.nix
inputs.disko.nixosModules.disko
];
# basic setup
time.timeZone = "Asia/Kolkata";
networking = {
hostName = "hashirama";
firewall = {
enable = true;
allowedTCPPorts = [
80 # paperless
443 # paperless
];
};
};
snowflake = {
locale = "en_US.UTF-8";
extraPackages = [ ];
core = {
openssh.enable = true;
latestKernel = true;
};
hardware = {
isEfi = false;
diskDevice = "/dev/sda";
isInitrdLuksUnlockingEnabled = true;
};
user = {
enable = true;
users = {
cc = {
isNormalUser = true;
shell = pkgs.bash;
description = "Ameya Shenoy";
extraGroups = [
"wheel" # Enable sudo for the user.
"docker"
];
initialHashedPassword =
"$y$j9T$cfmQcJ67WPKPEhsIbH2aC.$m8bDYq5dZrfx8NdU57jKbRc1nFuSB7iKdnAka6/u9R0";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C eden-thinkpad-zephyrus-cell"
];
};
};
};
services = {
tika = { enable = true; };
redis = {
enable = true;
servers = {
saturobi = {
enable = true;
port = 6379;
};
};
};
paperless = {
enable = true;
domain = "paperless.codingcoffee.me";
};
nginx = {
enable = true;
acmeEmail = "letsencrypt@codingcoffee.me";
};
};
};
system.stateVersion = "24.05"; # Did you read the comment?
}
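Review bot: `"docker"` in `extraGroups` carries no comment, yet membership lets `cc` drive the Docker daemon, which is equivalent to root without the sudo password that `"wheel"` still requires. Document it on the line, `"docker" # root-equivalent: can start privileged containers and mount host paths`, or drop the group and use `sudo docker`. The predator host file has the same entry. The `redis` server `saturobi` is given only a port here; whether it binds to loopback or requires a password is decided in the `snowflake.services.redis` module, which is outside this section and worth confirming since the firewall is the only other barrier shown.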


@ -0,0 +1,78 @@
{ config, ... }: {
disko.devices = {
disk = {
main = {
type = "disk";
device = config.snowflake.hardware.diskDevice;
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
luks = {
size = "100%";
label = "luks";
content = {
type = "luks";
name = "cryptroot";
# passwordFile = "/tmp/secret.key"; # Interactive; you can use this directive to automate the process. Populate using: `echo "password" >/tmp/secret.key` on the remote machine
settings = { allowDiscards = true; };
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@home"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@nix"
];
};
};
};
};
};
};
};
};
};
};
}


@ -0,0 +1,388 @@
{
"nodes": {
"darwin-nixpkgs": {
"locked": {
"lastModified": 1729850857,
"narHash": "sha256-WvLXzNNnnw+qpFOmgaM3JUlNEH+T4s22b5i2oyyCpXE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "41dea55321e5a999b17033296ac05fe8a8b5a257",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729712798,
"narHash": "sha256-a+Aakkb+amHw4biOZ0iMo8xYl37uUL48YEXIC5PYJ/8=",
"owner": "nix-community",
"repo": "disko",
"rev": "09a776702b004fdf9c41a024e1299d575ee18a7d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"freetype2": {
"flake": false,
"locked": {
"lastModified": 1687587065,
"narHash": "sha256-+Fh+/k+NWL5Ow9sDLtp8Cv/8rLNA1oByQQCIQS/bysY=",
"owner": "wez",
"repo": "freetype2",
"rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
"type": "github"
},
"original": {
"owner": "wez",
"repo": "freetype2",
"rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
"type": "github"
}
},
"harfbuzz": {
"flake": false,
"locked": {
"lastModified": 1711722720,
"narHash": "sha256-GdxcAPx5QyniSHPAN1ih28AD9JLUPR0ItqW9JEsl3pU=",
"owner": "harfbuzz",
"repo": "harfbuzz",
"rev": "63973005bc07aba599b47fdd4cf788647b601ccd",
"type": "github"
},
"original": {
"owner": "harfbuzz",
"ref": "8.4.0",
"repo": "harfbuzz",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729894599,
"narHash": "sha256-nL9nzNE5/re/P+zOv7NX6bRm5e+DeS1HIufQUJ01w20=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "93435d27d250fa986bfec6b2ff263161ff8288cb",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "home-manager",
"type": "github"
}
},
"libpng": {
"flake": false,
"locked": {
"lastModified": 1549245649,
"narHash": "sha256-1+cRp0Ungme/OGfc9kGJbklYIWAFxk8Il1M+NV4KSgw=",
"owner": "glennrp",
"repo": "libpng",
"rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
"type": "github"
},
"original": {
"owner": "glennrp",
"repo": "libpng",
"rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"darwin-nixpkgs"
]
},
"locked": {
"lastModified": 1729826725,
"narHash": "sha256-w3WNlYxqWYsuzm/jgFPyhncduoDNjot28aC8j39TW0U=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "7840909b00fbd5a183008a6eb251ea307fe4a76e",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1729742320,
"narHash": "sha256-u3Of8xRkN//me8PU+RucKA59/6RNy4B2jcGAF36P4jI=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixos-needtoreboot": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1715010630,
"narHash": "sha256-zOMZDSAd3w1Dd5Jcs3nYae7aNomb3qfMJmCQl2ucZok=",
"owner": "thefossguy",
"repo": "nixos-needsreboot",
"rev": "8a3f64cc3c246cc6311485ad96ee9db0989c1377",
"type": "github"
},
"original": {
"owner": "thefossguy",
"repo": "nixos-needsreboot",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1729665710,
"narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"darwin-nixpkgs": "darwin-nixpkgs",
"disko": "disko",
"home-manager": "home-manager",
"nix-darwin": "nix-darwin",
"nixos-hardware": "nixos-hardware",
"nixos-needtoreboot": "nixos-needtoreboot",
"nixpkgs": "nixpkgs",
"snowfall-lib": "snowfall-lib",
"wezterm": "wezterm"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"wezterm",
"nixpkgs"
]
},
"locked": {
"lastModified": 1726280639,
"narHash": "sha256-YfLRPlFZWrT2oRLNAoqf7G3+NnUTDdlIJk6tmBU7kXM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "e9f8641c92f26fd1e076e705edb12147c384171d",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1719005984,
"narHash": "sha256-mpFl3Jv4fKnn+5znYXG6SsBjfXHJdRG5FEqNSPx0GLA=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "c6238c83de101729c5de3a29586ba166a9a65622",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "lib",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"wezterm": {
"inputs": {
"flake-utils": "flake-utils_2",
"freetype2": "freetype2",
"harfbuzz": "harfbuzz",
"libpng": "libpng",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay",
"zlib": "zlib"
},
"locked": {
"dir": "nix",
"lastModified": 1729006311,
"narHash": "sha256-1xtKJHu6CFnOhp4snof+WSTwcdPgwIaD6mBODP/cv3w=",
"owner": "wez",
"repo": "wezterm",
"rev": "9ddca7bde92090792dbcdc65c1e9897c362196d7",
"type": "github"
},
"original": {
"dir": "nix",
"owner": "wez",
"repo": "wezterm",
"type": "github"
}
},
"zlib": {
"flake": false,
"locked": {
"lastModified": 1484501380,
"narHash": "sha256-j5b6aki1ztrzfCqu8y729sPar8GpyQWIrajdzpJC+ww=",
"owner": "madler",
"repo": "zlib",
"rev": "cacf7f1d4e3d44d871b605da3b647f07d718623f",
"type": "github"
},
"original": {
"owner": "madler",
"ref": "v1.2.11",
"repo": "zlib",
"type": "github"
}
}
},
"root": "root",
"version": 7
}


@ -0,0 +1,75 @@
{
# An instance of `pkgs` with your overlays and packages applied is also available.
pkgs, ... }: {
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# basic setup
time.timeZone = "Asia/Kolkata";
networking = {
hostName = "predator";
firewall = { enable = true; };
};
snowflake = {
locale = "en_US.UTF-8";
extraPackages = [ ];
core = {
openssh.enable = true;
usbguard = {
enable = true;
serviceEnable = true;
rules = ''
allow id 1d6b:0002 serial "0000:00:14.0" name "xHCI Host Controller" hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:00:14.0" name "xHCI Host Controller" hash "3Wo3XWDgen1hD5xM3PSNl3P98kLp1RUTgGQ5HSxtf8k=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" with-interface 09:00:00 with-connect-type ""
allow id 04ca:3016 serial "" name "" hash "sWyd7TOtgnEsF2goHz8YArmVFOJ2oPOaXymfNvIlfX4=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "1-7" with-interface { e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 } with-connect-type "not used"
allow id 04f2:b5f7 serial "" name "HD WebCam" hash "qQuh2zlQME9E1ToJeITgPbgnlVw4GNizEh9S36RoDEw=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "1-9" with-interface { 0e:01:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 } with-connect-type "hardwired"
'';
};
latestKernel = true;
};
networking = {
wakeOnLan = {
enable = true;
interface = "enp3s0f1";
};
netbirdClient = { enable = true; };
};
hardware = {
isEfi = true;
xbootldrMountPoint = "/boot";
efiSysMountPoint = "/efi";
diskDevice = "/dev/sda";
isInitrdLuksUnlockingEnabled = true;
laptop = {
enable = true;
lidSwitch = "ignore";
};
};
user = {
enable = true;
users = {
cc = {
isNormalUser = true;
shell = pkgs.bash;
description = "Ameya Shenoy";
extraGroups = [
"wheel" # Enable sudo for the user.
"docker"
];
initialHashedPassword =
"$y$j9T$cfmQcJ67WPKPEhsIbH2aC.$m8bDYq5dZrfx8NdU57jKbRc1nFuSB7iKdnAka6/u9R0";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C eden-thinkpad-zephyrus-cell"
];
};
};
};
};
system.stateVersion = "24.05"; # Did you read the comment?
}


@ -0,0 +1,167 @@
{ config, ... }: {
disko.devices = {
disk = {
main = {
type = "disk";
device = config.snowflake.hardware.diskDevice;
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
priority = 1;
};
efi = {
name = "EFI";
size = "512M";
type = "EF00";
priority = 2;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi";
mountOptions = [ "fmask=0137" "dmask=0027" ];
};
};
xbootldr = {
name = "XBOOTLDR";
size = "512M";
type = "EA00";
priority = 3;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
cryptswap = {
size = "34G";
label = "luksswap";
priority = 4;
content = {
type = "luks";
name = "cryptswap";
settings = { allowDiscards = true; };
content = {
type = "swap";
randomEncryption = true;
};
};
};
cryptroot = {
size = "100%";
label = "luksroot";
priority = 5;
content = {
type = "luks";
name = "cryptroot";
# passwordFile = "/tmp/secret.key"; # Interactive; you can use this directive to automate the process. Populate using: `echo "password" >/tmp/secret.key` on the remote machine
settings = { allowDiscards = true; };
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@home"
];
};
"@log" = {
mountpoint = "/var/log";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@log"
];
};
"@docker" = {
mountpoint = "/var/lib/docker";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@docker"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@nix"
];
};
};
};
};
};
};
};
};
storage = {
type = "disk";
device = "/dev/sdb";
content = {
type = "gpt";
partitions = {
cryptroot = {
size = "100%";
label = "luksdata";
priority = 5;
content = {
type = "luks";
name = "cryptdata";
# passwordFile = "/tmp/secret.key"; # Interactive; you can use this directive to automate the process. Populate using: `echo "password" >/tmp/secret.key` on the remote machine
settings = { allowDiscards = true; };
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-L" "DISK1" "-f" ];
subvolumes = {
"@data" = {
mountpoint = "/mnt/disk1";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@"
];
};
};
};
};
};
};
};
};
};
};
}
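Review bot: In the `storage` disk the subvolume is declared as `"@data"` but its `mountOptions` end with `"subvol=@"`, apparently copied from the root volume; no `@` subvolume is created on this filesystem, so the mount would either fail or conflict with the subvolume name disko derives from the attribute. It should read `"subvol=@data"`. The partition attribute is also still named `cryptroot` although its label and LUKS name are `luksdata` and `cryptdata`. `device = "/dev/sdb"` is hard-coded while the main disk takes `config.snowflake.hardware.diskDevice`; a `/dev/disk/by-id/...` path would keep a destructive format from landing on the wrong disk if enumeration order changes.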


@ -0,0 +1,388 @@
{
"nodes": {
"darwin-nixpkgs": {
"locked": {
"lastModified": 1730958623,
"narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85f7e662eda4fa3a995556527c87b2524b691933",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1731060864,
"narHash": "sha256-aYE7oAYZ+gPU1mPNhM0JwLAQNgjf0/JK1BF1ln2KBgk=",
"owner": "nix-community",
"repo": "disko",
"rev": "5e40e02978e3bd63c2a6a9fa6fa8ba0e310e747f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"freetype2": {
"flake": false,
"locked": {
"lastModified": 1687587065,
"narHash": "sha256-+Fh+/k+NWL5Ow9sDLtp8Cv/8rLNA1oByQQCIQS/bysY=",
"owner": "wez",
"repo": "freetype2",
"rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
"type": "github"
},
"original": {
"owner": "wez",
"repo": "freetype2",
"rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
"type": "github"
}
},
"harfbuzz": {
"flake": false,
"locked": {
"lastModified": 1711722720,
"narHash": "sha256-GdxcAPx5QyniSHPAN1ih28AD9JLUPR0ItqW9JEsl3pU=",
"owner": "harfbuzz",
"repo": "harfbuzz",
"rev": "63973005bc07aba599b47fdd4cf788647b601ccd",
"type": "github"
},
"original": {
"owner": "harfbuzz",
"ref": "8.4.0",
"repo": "harfbuzz",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1730837930,
"narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f607e07f3ac7e53541120536708e824acccfaa8",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "home-manager",
"type": "github"
}
},
"libpng": {
"flake": false,
"locked": {
"lastModified": 1549245649,
"narHash": "sha256-1+cRp0Ungme/OGfc9kGJbklYIWAFxk8Il1M+NV4KSgw=",
"owner": "glennrp",
"repo": "libpng",
"rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
"type": "github"
},
"original": {
"owner": "glennrp",
"repo": "libpng",
"rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"darwin-nixpkgs"
]
},
"locked": {
"lastModified": 1731153869,
"narHash": "sha256-3Ftf9oqOypcEyyrWJ0baVkRpvQqroK/SVBFLvU3nPuc=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "5c74ab862c8070cbf6400128a1b56abb213656da",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1730919458,
"narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "e1cc1f6483393634aee94514186d21a4871e78d7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixos-needtoreboot": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1715010630,
"narHash": "sha256-zOMZDSAd3w1Dd5Jcs3nYae7aNomb3qfMJmCQl2ucZok=",
"owner": "thefossguy",
"repo": "nixos-needsreboot",
"rev": "8a3f64cc3c246cc6311485ad96ee9db0989c1377",
"type": "github"
},
"original": {
"owner": "thefossguy",
"repo": "nixos-needsreboot",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1730785428,
"narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"darwin-nixpkgs": "darwin-nixpkgs",
"disko": "disko",
"home-manager": "home-manager",
"nix-darwin": "nix-darwin",
"nixos-hardware": "nixos-hardware",
"nixos-needtoreboot": "nixos-needtoreboot",
"nixpkgs": "nixpkgs",
"snowfall-lib": "snowfall-lib",
"wezterm": "wezterm"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"wezterm",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729477859,
"narHash": "sha256-r0VyeJxy4O4CgTB/PNtfQft9fPfN1VuGvnZiCxDArvg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "ada8266712449c4c0e6ee6fcbc442b3c217c79e1",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1730136121,
"narHash": "sha256-tfVayj13Zw+zzOKrmJhnvBod7Hdb9ixBR6/4GUlyMA0=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "dd348182c1a010993e68004eada86cf0341fe2c4",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "lib",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"wezterm": {
"inputs": {
"flake-utils": "flake-utils_2",
"freetype2": "freetype2",
"harfbuzz": "harfbuzz",
"libpng": "libpng",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay",
"zlib": "zlib"
},
"locked": {
"dir": "nix",
"lastModified": 1730734444,
"narHash": "sha256-lNgCAphrq3/bYGjgDxEl2rVcer6GnmfWXDhxc+kdYOk=",
"owner": "wez",
"repo": "wezterm",
"rev": "51c794ac500a2033b9dc570c71810518bfa667a9",
"type": "github"
},
"original": {
"dir": "nix",
"owner": "wez",
"repo": "wezterm",
"type": "github"
}
},
"zlib": {
"flake": false,
"locked": {
"lastModified": 1484501380,
"narHash": "sha256-j5b6aki1ztrzfCqu8y729sPar8GpyQWIrajdzpJC+ww=",
"owner": "madler",
"repo": "zlib",
"rev": "cacf7f1d4e3d44d871b605da3b647f07d718623f",
"type": "github"
},
"original": {
"owner": "madler",
"ref": "v1.2.11",
"repo": "zlib",
"type": "github"
}
}
},
"root": "root",
"version": 7
}


@ -0,0 +1,30 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, inputs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
inputs.disko.nixosModules.disko
./disko-config.nix
];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" "r8169" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0f1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,153 @@
{
# An instance of `pkgs` with your overlays and packages applied is also available.
pkgs, inputs, ... }: {
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t480
];
# basic setup
time.timeZone = "Asia/Kolkata";
networking = {
hostName = "thinkpad";
firewall = {
enable = true;
allowedTCPPorts = [
53317 # localsend
];
allowedUDPPorts = [
53317 # localsend
];
allowedTCPPortRanges = [
# KDE Connect
{
from = 1714;
to = 1764;
}
];
};
};
snowflake = {
locale = "en_US.UTF-8";
extraPackages = with pkgs; [
# try airdrop
opendrop
owl
wirelesstools
# # put in monitor mode
# sudo ifconfig wlp3s0 down
# sudo iwconfig wlp3s0 mode monitor
# sudo owl -i wlp3s0 -N
# # revert
# sudo ifconfig wlp3s0 down
# ip link set wlp3s0 up
];
core = {
openssh.enable = true;
usbguard = {
enable = true;
serviceEnable = true;
rules = ''
allow id 1d6b:0002 serial "0000:00:14.0" name "xHCI Host Controller" hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:00:14.0" name "xHCI Host Controller" hash "3Wo3XWDgen1hD5xM3PSNl3P98kLp1RUTgGQ5HSxtf8k=" parent-hash "rV9bfLq7c2eA4tYjVjwO4bxhm+y6GgZpl9J60L0fBkY=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0002 serial "0000:3c:00.0" name "xHCI Host Controller" hash "+k9gUUE6Cnbob2WB/I//KMZ1hZ1UgvI6RrqNkIDvdmQ=" parent-hash "zCxLdr73Tn0YoKg15XR1ttIXizl8vMD+KtVAQnBZO8I=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:3c:00.0" name "xHCI Host Controller" hash "f/j0P3jeotLSPQLacl0JEBDT/k4mgTo84SKV39leYSc=" parent-hash "zCxLdr73Tn0YoKg15XR1ttIXizl8vMD+KtVAQnBZO8I=" with-interface 09:00:00 with-connect-type ""
allow id 8087:0a2b serial "" name "" hash "TtRMrWxJil9GOY/JzidUEOz0yUiwwzbLm8D7DJvGxdg=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "1-7" with-interface { e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 } with-connect-type "not used"
allow id 04f2:b604 serial "0001" name "Integrated Camera" hash "Sra5Do2lULxlGqcVOc0E68CJLWT1st8KiYXu4dbUQoQ=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" with-interface { 0e:01:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 } with-connect-type "not used"
allow id 0bda:0316 serial "20120501030900000" name "USB3.0-CRW" hash "WG1MSC3YZsmCslTNGpjTTjT2lUvhNfU4gEVvD3gIuV4=" parent-hash "3Wo3XWDgen1hD5xM3PSNl3P98kLp1RUTgGQ5HSxtf8k=" with-interface 08:06:50 with-connect-type "not used"
'';
};
latestKernel = true;
};
networking = {
networkmanager = { enable = true; };
netbirdClient = { enable = true; };
};
hardware = {
isEfi = true;
xbootldrMountPoint = "/boot";
efiSysMountPoint = "/efi";
diskDevice = "/dev/sda";
isInitrdLuksUnlockingEnabled = true;
laptop = {
enable = true;
lidSwitch = "lock";
};
};
services = {
syncthing = {
enable = true;
user = "cc";
password = "xxxxxxxxxx";
dataDir = "/home/cc/Documents";
configDir = "/home/cc/.config/syncthing";
};
restic = {
enable = true;
name = "thinkpad";
};
};
workstation = {
enable = true;
isDevMachine = true;
desktop = {
enable = true;
autoLoginUser = "cc";
};
networking.profiles.enable = true;
};
virtualisation = {
docker.enable = true;
kvm = {
enable = true;
ovmf.enable = false;
};
};
user = {
enable = true;
users = {
cc = {
isNormalUser = true;
shell = pkgs.zsh;
description = "Ameya Shenoy";
extraGroups = [
"wheel" # for sudo access
"audio"
"networkmanager" # for modifying WiFi without sudo
"docker" # for docker cli without root
"input"
"kvm" # for kvm VMs
"libvirtd" # for kvm VMs
];
initialHashedPassword =
"$y$j9T$cfmQcJ67WPKPEhsIbH2aC.$m8bDYq5dZrfx8NdU57jKbRc1nFuSB7iKdnAka6/u9R0";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C eden-thinkpad-zephyrus-cell"
];
};
};
};
};
environment.etc = {
# wireguaard config
"wireguard/gvine.conf".source = ../../../conf/wireguard/gvine.conf;
"wireguard/kryo.conf".source = ../../../conf/wireguard/kryo.conf;
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}
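Review bot: The two `environment.etc."wireguard/….conf".source` entries reference `gvine.conf` and `kryo.conf` by Nix path, so both files are copied into `/nix/store`, which every local user can read, and are linked into `/etc` from there. Their contents are not shown here, but if they carry a `PrivateKey` line the tunnel key is exposed on the host as well as in the repository. The same presumably holds for whatever replaces the placeholder in `password = "xxxxxxxxxx";` under `syncthing`, since a plain string option normally ends up in the store too. I would keep key material out of the tracked files and provide it at activation time from a root-only path (for example via sops-nix or agenix), and add a comment next to the entries such as `# .source copies into the world-readable store: no PrivateKey in these files`. The zephyrus configuration further down repeats both the wireguard entries and the syncthing option.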


@ -0,0 +1,388 @@
{
"nodes": {
"darwin-nixpkgs": {
"locked": {
"lastModified": 1730768919,
"narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1730751873,
"narHash": "sha256-sdY29RWz0S7VbaoTwSy6RummdHKf0wUTaBlqPxrtvmQ=",
"owner": "nix-community",
"repo": "disko",
"rev": "856a2902156ba304efebd4c1096dbf7465569454",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"freetype2": {
"flake": false,
"locked": {
"lastModified": 1687587065,
"narHash": "sha256-+Fh+/k+NWL5Ow9sDLtp8Cv/8rLNA1oByQQCIQS/bysY=",
"owner": "wez",
"repo": "freetype2",
"rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
"type": "github"
},
"original": {
"owner": "wez",
"repo": "freetype2",
"rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
"type": "github"
}
},
"harfbuzz": {
"flake": false,
"locked": {
"lastModified": 1711722720,
"narHash": "sha256-GdxcAPx5QyniSHPAN1ih28AD9JLUPR0ItqW9JEsl3pU=",
"owner": "harfbuzz",
"repo": "harfbuzz",
"rev": "63973005bc07aba599b47fdd4cf788647b601ccd",
"type": "github"
},
"original": {
"owner": "harfbuzz",
"ref": "8.4.0",
"repo": "harfbuzz",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1730633670,
"narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "home-manager",
"type": "github"
}
},
"libpng": {
"flake": false,
"locked": {
"lastModified": 1549245649,
"narHash": "sha256-1+cRp0Ungme/OGfc9kGJbklYIWAFxk8Il1M+NV4KSgw=",
"owner": "glennrp",
"repo": "libpng",
"rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
"type": "github"
},
"original": {
"owner": "glennrp",
"repo": "libpng",
"rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"darwin-nixpkgs"
]
},
"locked": {
"lastModified": 1730779758,
"narHash": "sha256-5WI9AnsBwhLzVRnQm3Qn9oAbROnuLDQTpaXeyZCK8qw=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "0e3f3f017c14467085f15d42343a3aaaacd89bcb",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1730828750,
"narHash": "sha256-XrnZLkLiBYNlwV5gus/8DT7nncF1TS5la6Be7rdVOpI=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "2e78b1af8025108ecd6edaa3ab09695b8a4d3d55",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixos-needtoreboot": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1715010630,
"narHash": "sha256-zOMZDSAd3w1Dd5Jcs3nYae7aNomb3qfMJmCQl2ucZok=",
"owner": "thefossguy",
"repo": "nixos-needsreboot",
"rev": "8a3f64cc3c246cc6311485ad96ee9db0989c1377",
"type": "github"
},
"original": {
"owner": "thefossguy",
"repo": "nixos-needsreboot",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1730531603,
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"darwin-nixpkgs": "darwin-nixpkgs",
"disko": "disko",
"home-manager": "home-manager",
"nix-darwin": "nix-darwin",
"nixos-hardware": "nixos-hardware",
"nixos-needtoreboot": "nixos-needtoreboot",
"nixpkgs": "nixpkgs",
"snowfall-lib": "snowfall-lib",
"wezterm": "wezterm"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"wezterm",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729477859,
"narHash": "sha256-r0VyeJxy4O4CgTB/PNtfQft9fPfN1VuGvnZiCxDArvg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "ada8266712449c4c0e6ee6fcbc442b3c217c79e1",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1730136121,
"narHash": "sha256-tfVayj13Zw+zzOKrmJhnvBod7Hdb9ixBR6/4GUlyMA0=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "dd348182c1a010993e68004eada86cf0341fe2c4",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "lib",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"wezterm": {
"inputs": {
"flake-utils": "flake-utils_2",
"freetype2": "freetype2",
"harfbuzz": "harfbuzz",
"libpng": "libpng",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay",
"zlib": "zlib"
},
"locked": {
"dir": "nix",
"lastModified": 1730734444,
"narHash": "sha256-lNgCAphrq3/bYGjgDxEl2rVcer6GnmfWXDhxc+kdYOk=",
"owner": "wez",
"repo": "wezterm",
"rev": "51c794ac500a2033b9dc570c71810518bfa667a9",
"type": "github"
},
"original": {
"dir": "nix",
"owner": "wez",
"repo": "wezterm",
"type": "github"
}
},
"zlib": {
"flake": false,
"locked": {
"lastModified": 1484501380,
"narHash": "sha256-j5b6aki1ztrzfCqu8y729sPar8GpyQWIrajdzpJC+ww=",
"owner": "madler",
"repo": "zlib",
"rev": "cacf7f1d4e3d44d871b605da3b647f07d718623f",
"type": "github"
},
"original": {
"owner": "madler",
"ref": "v1.2.11",
"repo": "zlib",
"type": "github"
}
}
},
"root": "root",
"version": 7
}


@ -0,0 +1,70 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/305421e4-ad68-4fb4-ad9e-dc0239d0fc3a";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."cryptroot".device =
"/dev/disk/by-uuid/8fd8ef17-6efb-4c59-a692-4a30e96aa06c";
boot.initrd.luks.devices."cryptswap".device =
"/dev/disk/by-uuid/321a7b30-e4d9-458c-b2c6-3c9d586b7f95";
fileSystems."/home" = {
device = "/dev/disk/by-uuid/305421e4-ad68-4fb4-ad9e-dc0239d0fc3a";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/efi" = {
device = "/dev/disk/by-uuid/29F3-6F90";
fsType = "vfat";
options = [ "fmask=0137" "dmask=0027" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/2A29-82FE";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/305421e4-ad68-4fb4-ad9e-dc0239d0fc3a";
fsType = "btrfs";
options = [ "subvol=@nix" ];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/305421e4-ad68-4fb4-ad9e-dc0239d0fc3a";
fsType = "btrfs";
options = [ "subvol=@log" ];
};
swapDevices =
[{ device = "/dev/disk/by-uuid/d4ebc4af-c76b-4a16-999f-0e26b70b90aa"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,149 @@
{
# An instance of `pkgs` with your overlays and packages applied is also available.
pkgs, inputs, ... }: {
imports = [
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.asus-zephyrus-ga402x-nvidia
];
specialisation = {
amd.configuration = {
imports =
[ inputs.nixos-hardware.nixosModules.asus-zephyrus-ga402x-amdgpu ];
disabledModules =
[ inputs.nixos-hardware.nixosModules.asus-zephyrus-ga402x-nvidia ];
environment.etc."specialisation".text = "amd";
};
};
# basic setup
time.timeZone = "Asia/Kolkata";
networking = {
hostName = "zephyrus";
firewall = {
enable = true;
allowedTCPPorts = [
53317 # localsend
];
allowedUDPPorts = [
53317 # localsend
];
allowedTCPPortRanges = [
# KDE Connect
{
from = 1714;
to = 1764;
}
];
};
};
snowflake = {
locale = "en_US.UTF-8";
core = {
openssh.enable = true;
usbguard = {
enable = true;
serviceEnable = true;
rules = ''
allow id 1d6b:0002 serial "0000:65:00.3" name "xHCI Host Controller" hash "WzNerMjWOkFgAWCzXluD4lHtKgE+JDIqv97YjnIaxVg=" parent-hash "+g49kFA/DLPqqT4vRVfh/J3qcZm1eDYtwEhM+g/uLPE=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:65:00.3" name "xHCI Host Controller" hash "mIzU4fq70wRZa1T12gqLMSw7U2q9oA7P9dJxsssOayY=" parent-hash "+g49kFA/DLPqqT4vRVfh/J3qcZm1eDYtwEhM+g/uLPE=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0002 serial "0000:65:00.4" name "xHCI Host Controller" hash "NmYNS6NdTvXYWgsPKd+yQpw3t1mmAxiU8d4XQUBkH3I=" parent-hash "Znd9qz9Qs25cZtzXKrrJ7cTtJEGnWeuCGwYOaXme9ek=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:65:00.4" name "xHCI Host Controller" hash "y9Nk9H3fHo5epOhAW7s82MOJnnWZ/yFxSfccOQ/9Qzs=" parent-hash "Znd9qz9Qs25cZtzXKrrJ7cTtJEGnWeuCGwYOaXme9ek=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0002 serial "0000:67:00.4" name "xHCI Host Controller" hash "Cc+/NRzwn5FbQnzCQnJg0Sk0j05oRhcuKMUgVhlscSo=" parent-hash "e1e8cr4KK9QwD6zkfzdDwCklou0xWP10uuDzXNbqcl8=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:67:00.4" name "xHCI Host Controller" hash "q/cXrlPF1ME1cca1ODj3Zw2+KvUlO/AyHWhLBLcXEY0=" parent-hash "e1e8cr4KK9QwD6zkfzdDwCklou0xWP10uuDzXNbqcl8=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0002 serial "0000:67:00.3" name "xHCI Host Controller" hash "vrNNUIIcgkYEpDuGVktyyzvajURe8f8q0r+bX4UUOAU=" parent-hash "vBDAY9DPeKU7PmpNjjQF6BFGmMMUf5GcWT7mUBq3V/w=" with-interface 09:00:00 with-connect-type ""
allow id 1d6b:0003 serial "0000:67:00.3" name "xHCI Host Controller" hash "oH0wqHMpez4C8qzE5sAEzaOFyHBgpK0tboegCmyJUKQ=" parent-hash "vBDAY9DPeKU7PmpNjjQF6BFGmMMUf5GcWT7mUBq3V/w=" with-interface 09:00:00 with-connect-type ""
allow id 0b05:19b6 serial "" name "N-KEY Device" hash "uOF2q+JtR+N2zPqqjWBZF2mtj4k1P288Y14Bc3Ys5nw=" parent-hash "WzNerMjWOkFgAWCzXluD4lHtKgE+JDIqv97YjnIaxVg=" via-port "1-3" with-interface 03:01:01 with-connect-type "not used"
allow id 0b05:193b serial "" name "ITE Device(8295)" hash "ftvLuhqr/PFdJv9LZ1cPFK4Dsl7PKfHvYU5ppnsFwko=" parent-hash "WzNerMjWOkFgAWCzXluD4lHtKgE+JDIqv97YjnIaxVg=" via-port "1-4" with-interface 03:01:01 with-connect-type "not used"
allow id 0489:e0f6 serial "000000000" name "Wireless_Device" hash "2zGpttB3IyVW7/frL+KK/GcLAB1X5tL3KIC+iKRyWjs=" parent-hash "WzNerMjWOkFgAWCzXluD4lHtKgE+JDIqv97YjnIaxVg=" with-interface { e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 e0:01:01 } with-connect-type "hardwired"
allow id 3277:0018 serial "" name "USB2.0 FHD UVC WebCam" hash "JlgFONxs2KZ0CHsZ+/w7pTukZMabSq1ATObpw8H6LbI=" parent-hash "NmYNS6NdTvXYWgsPKd+yQpw3t1mmAxiU8d4XQUBkH3I=" via-port "3-1" with-interface { 0e:01:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:01:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 0e:02:00 } with-connect-type "hardwired"
'';
};
latestKernel = true;
};
networking = {
networkmanager = { enable = true; };
netbirdClient = { enable = true; };
};
hardware = {
isEfi = true;
xbootldrMountPoint = "/boot";
efiSysMountPoint = "/efi";
diskDevice = "/dev/nvme0n1";
isInitrdLuksUnlockingEnabled = true;
laptop = {
enable = true;
lidSwitch = "lock";
};
};
services = {
asus.enable = true;
syncthing = {
enable = true;
user = "cc";
password = "xxxxxxxxxx";
dataDir = "/home/cc/Documents";
configDir = "/home/cc/.config/syncthing";
};
};
workstation = {
enable = true;
isDevMachine = true;
desktop = {
enable = true;
autoLoginUser = "cc";
};
networking.profiles.enable = true;
};
virtualisation = {
docker.enable = true;
kvm.enable = true;
};
user = {
enable = true;
users = {
cc = {
isNormalUser = true;
shell = pkgs.zsh;
description = "Ameya Shenoy";
extraGroups = [
"wheel" # for sudo access
"audio"
"networkmanager" # for modifying WiFi without sudo
"docker" # for docker cli without root
"input"
"kvm" # for kvm VMs
"libvirtd" # for kvm VMs
];
initialHashedPassword =
"$y$j9T$cfmQcJ67WPKPEhsIbH2aC.$m8bDYq5dZrfx8NdU57jKbRc1nFuSB7iKdnAka6/u9R0";
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C eden-thinkpad-zephyrus-cell"
];
};
};
};
};
environment.etc = {
# wireguaard config
"wireguard/gvine.conf".source = ../../../conf/wireguard/gvine.conf;
"wireguard/kryo.conf".source = ../../../conf/wireguard/kryo.conf;
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}
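Review bot: `initialHashedPassword` for `cc` is committed as a literal yescrypt hash, and the identical value appears in the thinkpad configuration, so anyone who can read the repository can attempt offline guessing against a password that grants `wheel` and `docker` on both machines. If the `snowflake.user` module forwards the option (it is not visible here), I would use `hashedPasswordFile` pointing at a root-only file outside the store; otherwise document that the value is bootstrap-only, e.g. `# bootstrap hash: rotate with passwd after first boot`. With `autoLoginUser = "cc"` and membership of `docker`, which is root-equivalent, the LUKS passphrase is effectively the only barrier on this host, and that is worth stating in a comment above the `user` block.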


@ -0,0 +1,130 @@
{ ... }: {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
priority = 1;
};
efi = {
name = "EFI";
size = "512M";
type = "EF00";
priority = 2;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi";
mountOptions = [ "fmask=0137" "dmask=0027" ];
};
};
xbootldr = {
name = "XBOOTLDR";
size = "512M";
type = "EA00";
priority = 3;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
cryptswap = {
size = "34G";
label = "luksswap";
priority = 4;
content = {
type = "luks";
name = "cryptswap";
settings = { allowDiscards = true; };
content = {
type = "swap";
randomEncryption = true;
};
};
};
cryptroot = {
size = "100%";
label = "luksroot";
priority = 5;
content = {
type = "luks";
name = "cryptroot";
# passwordFile = "/tmp/secret.key"; # Interactive; you can use this directive to automate the process. Populate using: `echo "password" >/tmp/secret.key` on the remote machine
settings = { allowDiscards = true; };
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-L" "nixos" "-f" ];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@home"
];
};
"@log" = {
mountpoint = "/var/log";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@log"
];
};
"@docker" = {
mountpoint = "/var/lib/docker";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@docker"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"ssd"
"noatime"
"compress=zstd:1"
"space_cache=v2"
"subvol=@nix"
];
};
};
};
};
};
};
};
};
};
};
}
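Review bot: The XBOOTLDR partition is mounted on `/boot` with `mountOptions = [ "defaults" ];`, while the ESP in the same file gets `fmask=0137` and `dmask=0027`; on vfat the default masks typically leave every file world-readable. `/boot` holds the kernels and initrds, and since the host configuration sets `isInitrdLuksUnlockingEnabled = true`, the initrd may embed material that unprivileged users should not be able to read (what exactly is not visible here). I would give it the same masks as the ESP: `mountOptions = [ "fmask=0137" "dmask=0027" ];`. Separately, `allowDiscards = true` on both LUKS containers deserves a one-line comment such as `# TRIM passes through dm-crypt: reveals which blocks are unused` so the trade-off is a recorded decision.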


@ -0,0 +1,367 @@
{
"nodes": {
"darwin-nixpkgs": {
"locked": {
"lastModified": 1729850857,
"narHash": "sha256-WvLXzNNnnw+qpFOmgaM3JUlNEH+T4s22b5i2oyyCpXE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "41dea55321e5a999b17033296ac05fe8a8b5a257",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729712798,
"narHash": "sha256-a+Aakkb+amHw4biOZ0iMo8xYl37uUL48YEXIC5PYJ/8=",
"owner": "nix-community",
"repo": "disko",
"rev": "09a776702b004fdf9c41a024e1299d575ee18a7d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"freetype2": {
"flake": false,
"locked": {
"lastModified": 1687587065,
"narHash": "sha256-+Fh+/k+NWL5Ow9sDLtp8Cv/8rLNA1oByQQCIQS/bysY=",
"owner": "wez",
"repo": "freetype2",
"rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
"type": "github"
},
"original": {
"owner": "wez",
"repo": "freetype2",
"rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d",
"type": "github"
}
},
"harfbuzz": {
"flake": false,
"locked": {
"lastModified": 1711722720,
"narHash": "sha256-GdxcAPx5QyniSHPAN1ih28AD9JLUPR0ItqW9JEsl3pU=",
"owner": "harfbuzz",
"repo": "harfbuzz",
"rev": "63973005bc07aba599b47fdd4cf788647b601ccd",
"type": "github"
},
"original": {
"owner": "harfbuzz",
"ref": "8.4.0",
"repo": "harfbuzz",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729894599,
"narHash": "sha256-nL9nzNE5/re/P+zOv7NX6bRm5e+DeS1HIufQUJ01w20=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "93435d27d250fa986bfec6b2ff263161ff8288cb",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "home-manager",
"type": "github"
}
},
"libpng": {
"flake": false,
"locked": {
"lastModified": 1549245649,
"narHash": "sha256-1+cRp0Ungme/OGfc9kGJbklYIWAFxk8Il1M+NV4KSgw=",
"owner": "glennrp",
"repo": "libpng",
"rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
"type": "github"
},
"original": {
"owner": "glennrp",
"repo": "libpng",
"rev": "8439534daa1d3a5705ba92e653eda9251246dd61",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"darwin-nixpkgs"
]
},
"locked": {
"lastModified": 1729826725,
"narHash": "sha256-w3WNlYxqWYsuzm/jgFPyhncduoDNjot28aC8j39TW0U=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "7840909b00fbd5a183008a6eb251ea307fe4a76e",
"type": "github"
},
"original": {
"owner": "LnL7",
"repo": "nix-darwin",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1729742320,
"narHash": "sha256-u3Of8xRkN//me8PU+RucKA59/6RNy4B2jcGAF36P4jI=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1729665710,
"narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"darwin-nixpkgs": "darwin-nixpkgs",
"disko": "disko",
"home-manager": "home-manager",
"nix-darwin": "nix-darwin",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"snowfall-lib": "snowfall-lib",
"wezterm": "wezterm"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"wezterm",
"nixpkgs"
]
},
"locked": {
"lastModified": 1726280639,
"narHash": "sha256-YfLRPlFZWrT2oRLNAoqf7G3+NnUTDdlIJk6tmBU7kXM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "e9f8641c92f26fd1e076e705edb12147c384171d",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1719005984,
"narHash": "sha256-mpFl3Jv4fKnn+5znYXG6SsBjfXHJdRG5FEqNSPx0GLA=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "c6238c83de101729c5de3a29586ba166a9a65622",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "lib",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"wezterm": {
"inputs": {
"flake-utils": "flake-utils_2",
"freetype2": "freetype2",
"harfbuzz": "harfbuzz",
"libpng": "libpng",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay",
"zlib": "zlib"
},
"locked": {
"dir": "nix",
"lastModified": 1729006311,
"narHash": "sha256-1xtKJHu6CFnOhp4snof+WSTwcdPgwIaD6mBODP/cv3w=",
"owner": "wez",
"repo": "wezterm",
"rev": "9ddca7bde92090792dbcdc65c1e9897c362196d7",
"type": "github"
},
"original": {
"dir": "nix",
"owner": "wez",
"repo": "wezterm",
"type": "github"
}
},
"zlib": {
"flake": false,
"locked": {
"lastModified": 1484501380,
"narHash": "sha256-j5b6aki1ztrzfCqu8y729sPar8GpyQWIrajdzpJC+ww=",
"owner": "madler",
"repo": "zlib",
"rev": "cacf7f1d4e3d44d871b605da3b647f07d718623f",
"type": "github"
},
"original": {
"owner": "madler",
"ref": "v1.2.11",
"repo": "zlib",
"type": "github"
}
}
},
"root": "root",
"version": 7
}


@ -0,0 +1,37 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, inputs, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./disko-config.nix
inputs.disko.nixosModules.disko
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usbhid"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
"mt7921e"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}
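Review bot: The `imports` list adds `./disko-config.nix` and `inputs.disko.nixosModules.disko` to a file whose header says it was generated by nixos-generate-config and may be overwritten. If the file is regenerated, both imports are lost and the host configuration no longer carries its disk layout, including the LUKS volume definitions. I would move the two imports into the host's own module, or replace the header with a comment such as `# Hand-maintained: imports the disko layout; do not regenerate over this file.`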